Overview

overview

10

Static

static

1

image_2024...56.png

windows11-21h2-x64

Analysis

  • max time kernel
    1031s
  • max time network
    1034s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-08-2024 00:36

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    image_2024-08-15_173644456.png

  • Size

    65KB

  • MD5

    094782933a1b323b806d38e2163c514f

  • SHA1

    c8686351f07d316c55e98a4db19b494ee761cc15

  • SHA256

    339cf3a00a96168c86ffabb23d2dcec68bb93f4693a0ed9fd22c30ab920395e2

  • SHA512

    9e70ed9461ae64995290e3d3a06a07de533fbe01aef1b4fe391cacf6e4638248810722d14d32d366437121b5ed0baa727741c97d08a456e263735b3921b286ea

  • SSDEEP

    1536:Enq5ZwSrulPtZdenS9KGw0ALVCDGp7jdo00cjUl9elOtHNof:Eq7wECJkJvFomQ8wtHy

Score
10/10
cryptolockertroldeshdefense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwaretrojanupx

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
    evasiontrojan
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Disables RegEdit via registry modification 2 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 32 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 1 IoCs
    defense_evasion
  • Loads dropped DLL 64 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 6 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Interacts with shadow copies 3 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 9 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\image_2024-08-15_173644456.png
    1⤵
      PID:2800
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3564
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab8983cb8,0x7ffab8983cc8,0x7ffab8983cd8
        2⤵
          PID:484
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
          2⤵
            PID:1868
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1308
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
            2⤵
              PID:4004
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2920
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                2⤵
                  PID:3972
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                  2⤵
                    PID:2992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
                    2⤵
                      PID:2416
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                      2⤵
                        PID:3672
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
                        2⤵
                          PID:2420
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5336 /prefetch:8
                          2⤵
                            PID:4088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
                            2⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                            2⤵
                              PID:4660
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3940
                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1360
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                              2⤵
                                PID:2328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                2⤵
                                  PID:1236
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                                  2⤵
                                    PID:2300
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                    2⤵
                                      PID:4268
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                                      2⤵
                                        PID:3468
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                                        2⤵
                                          PID:2844
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
                                          2⤵
                                            PID:5072
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6192 /prefetch:8
                                            2⤵
                                              PID:4324
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                                              2⤵
                                                PID:3940
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                                                2⤵
                                                  PID:2032
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                                  2⤵
                                                    PID:3932
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
                                                    2⤵
                                                      PID:1800
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                                      2⤵
                                                        PID:1132
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
                                                        2⤵
                                                          PID:2552
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
                                                          2⤵
                                                            PID:436
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 /prefetch:8
                                                            2⤵
                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:1800
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
                                                            2⤵
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2328
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\install.bat" "
                                                            2⤵
                                                              PID:4688
                                                              • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                python --version
                                                                3⤵
                                                                  PID:1316
                                                                • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                  python -c "import cryptography"
                                                                  3⤵
                                                                    PID:756
                                                                  • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                    python -m pip install cryptography
                                                                    3⤵
                                                                      PID:3272
                                                                    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                      python -c "import aiohttp"
                                                                      3⤵
                                                                        PID:4116
                                                                      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                        python -m pip install aiohttp
                                                                        3⤵
                                                                          PID:452
                                                                        • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                          python -c "import PyInstaller"
                                                                          3⤵
                                                                            PID:2120
                                                                          • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                            python -m pip install pyinstaller
                                                                            3⤵
                                                                              PID:1552
                                                                            • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                              python builder.py
                                                                              3⤵
                                                                                PID:4048
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\install.bat" "
                                                                              2⤵
                                                                                PID:3172
                                                                                • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                  python --version
                                                                                  3⤵
                                                                                    PID:2212
                                                                                  • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                    python -c "import cryptography"
                                                                                    3⤵
                                                                                      PID:3212
                                                                                    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                      python -m pip install cryptography
                                                                                      3⤵
                                                                                        PID:1016
                                                                                      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                        python -c "import aiohttp"
                                                                                        3⤵
                                                                                          PID:4760
                                                                                        • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                          python -m pip install aiohttp
                                                                                          3⤵
                                                                                            PID:4432
                                                                                          • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                            python -c "import PyInstaller"
                                                                                            3⤵
                                                                                              PID:4860
                                                                                            • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                              python -m pip install pyinstaller
                                                                                              3⤵
                                                                                                PID:3132
                                                                                              • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
                                                                                                python builder.py
                                                                                                3⤵
                                                                                                  PID:2872
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17481111728517894154,2697959657862486851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1328 /prefetch:2
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:2448
                                                                                              • C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.2.exe
                                                                                                "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.2.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Modifies registry class
                                                                                                PID:1000
                                                                                                • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                  "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  PID:2432
                                                                                                  • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
                                                                                                    4⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks whether UAC is enabled
                                                                                                    • Checks processor information in registry
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:1204
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.0.509578034\776116367" -parentBuildID 20240805090000 -prefsHandle 2364 -prefMapHandle 2296 -prefsLen 19245 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {34bab43a-485c-4559-ab0f-0667f4f88516} 1204 gpu
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:2800
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.1.1252383255\509614143" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3032 -prefsLen 20123 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {264427d4-ed27-4bea-9c86-82d43dc0c6c5} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:2828
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:0ff0eecffcd3fe41600e55d837bcdcf8e0e1a908365755078f757c7397 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 1204 DisableNetwork 1
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3572
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.2.911461586\1650473628" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2976 -prefsLen 20833 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {122b2609-5583-48c9-a784-77a74eb61fa2} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:1672
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.3.419468829\874826704" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3484 -prefsLen 20972 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cbb61815-83f9-4710-a082-882b93d07fb9} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:4740
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.4.327407015\76234077" -parentBuildID 20240805090000 -prefsHandle 3904 -prefMapHandle 3892 -prefsLen 24176 -prefMapSize 240456 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {71f4dcd5-90b3-4cde-9bc8-932939bbabb4} 1204 rdd
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:5428
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.5.1015980772\868050461" -childID 4 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 22264 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {7f247604-bdc9-4068-ac8f-e2c4bd233286} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:5656
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.6.366000245\2146001182" -childID 5 -isForBrowser -prefsHandle 4240 -prefMapHandle 4244 -prefsLen 22264 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {acda47c6-e984-4e5d-b659-bd3a5688d95a} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:5684
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.7.1062141881\50864240" -childID 6 -isForBrowser -prefsHandle 4496 -prefMapHandle 4492 -prefsLen 22264 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fcadd111-5725-4a2d-974f-9ab135d43c97} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:5712
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.8.18060899\1505213432" -childID 7 -isForBrowser -prefsHandle 3704 -prefMapHandle 1676 -prefsLen 23192 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {1f89598a-8eeb-4b79-a41d-fb09b2a9ff9d} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:3476
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.9.127843009\384835358" -childID 8 -isForBrowser -prefsHandle 4860 -prefMapHandle 4468 -prefsLen 25239 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {66d8684d-795f-4dfc-a302-ca3293b7b3d5} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4936
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.10.1753152378\1194474738" -childID 9 -isForBrowser -prefsHandle 4388 -prefMapHandle 4400 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {49fe569c-dcc3-4ed5-ac3e-a4933275f36c} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2056
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.11.1463212968\779697196" -childID 10 -isForBrowser -prefsHandle 3904 -prefMapHandle 5164 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c3a4821a-5d0e-4199-86ca-51dc25f6ed17} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2260
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.12.46185574\1922109633" -childID 11 -isForBrowser -prefsHandle 1948 -prefMapHandle 1700 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {328459ee-1e5a-4539-af5a-6b59ff63f2e8} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5692
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.13.456668917\255048254" -childID 12 -isForBrowser -prefsHandle 5316 -prefMapHandle 4728 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {00803d01-203a-4b50-96e0-458dce8dff6b} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4748
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.14.157376000\1655867847" -childID 13 -isForBrowser -prefsHandle 3392 -prefMapHandle 4076 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2d6f607c-1d5b-4c87-8dc6-edcb9e1db477} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1796
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.15.658722693\991778632" -childID 14 -isForBrowser -prefsHandle 4796 -prefMapHandle 5708 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {52e68d43-0d50-47fa-b469-0f02f5148e0d} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3128
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.16.1310964084\1605127296" -childID 15 -isForBrowser -prefsHandle 3264 -prefMapHandle 5340 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {446ae168-bedd-4dfd-8d26-b4b24bff7c07} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3408
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.17.677139061\371084245" -childID 16 -isForBrowser -prefsHandle 5636 -prefMapHandle 2692 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {9226c9d9-cab3-4597-953b-abb2ec6231ef} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2240
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.18.391372691\261741792" -childID 17 -isForBrowser -prefsHandle 5412 -prefMapHandle 3084 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {d7f0c2da-1df1-4d56-adf5-d7071d236b29} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3204
                                                                                                    • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1204.19.740641405\496688392" -childID 18 -isForBrowser -prefsHandle 5692 -prefMapHandle 5896 -prefsLen 23275 -prefMapSize 240456 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240805090000 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {cde79699-4eeb-4eaa-bbf9-0643eefecd84} 1204 tab
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1496
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:928
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:1228
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies registry class
                                                                                                  • NTFS ADS
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                  PID:4672
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab8983cb8,0x7ffab8983cc8,0x7ffab8983cd8
                                                                                                    2⤵
                                                                                                      PID:4776
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
                                                                                                      2⤵
                                                                                                        PID:5220
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
                                                                                                        2⤵
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:3192
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:4644
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3444
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:1416
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:4692
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:4800
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
                                                                                                                  2⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  PID:2344
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:4100
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:3652
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3364 /prefetch:8
                                                                                                                      2⤵
                                                                                                                      • Modifies registry class
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      PID:5060
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:1888
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:5568
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
                                                                                                                          2⤵
                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                          PID:5480
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:4160
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:5920
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:1708
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:6072
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5380
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                    • NTFS ADS
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    PID:6012
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:4008
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                      • NTFS ADS
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      PID:4648
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:2556
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                        • NTFS ADS
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        PID:2780
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:4348
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:1800
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5516
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5732
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:5188
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:476
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:4996
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:4188
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:864
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:5140
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5640 /prefetch:2
                                                                                                                                                            2⤵
                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                            PID:5428
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:3492
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:1708
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3668
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:6060
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:868
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:5332
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7884 /prefetch:8
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:4792
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7732 /prefetch:8
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                          • NTFS ADS
                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                          PID:3080
                                                                                                                                                                        • C:\Users\Admin\Downloads\SpySheriff.exe
                                                                                                                                                                          "C:\Users\Admin\Downloads\SpySheriff.exe"
                                                                                                                                                                          2⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:1824
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1232 /prefetch:1
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:4704
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7840 /prefetch:8
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:4284
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:3308
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7864 /prefetch:8
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:3300
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7340 /prefetch:8
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                                  • NTFS ADS
                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                  PID:4732
                                                                                                                                                                                • C:\Users\Admin\Downloads\CryptoLocker (1).exe
                                                                                                                                                                                  "C:\Users\Admin\Downloads\CryptoLocker (1).exe"
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                  • NTFS ADS
                                                                                                                                                                                  PID:1340
                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker (1).exe"
                                                                                                                                                                                    3⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                    PID:1404
                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                                                                                                                      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
                                                                                                                                                                                      4⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                      PID:5920
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                                  • NTFS ADS
                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                  PID:2800
                                                                                                                                                                                • C:\Users\Admin\Downloads\CryptoLocker.exe
                                                                                                                                                                                  "C:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                  PID:5392
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:5700
                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7708 /prefetch:8
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:5944
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7780 /prefetch:8
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                                      • NTFS ADS
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      PID:432
                                                                                                                                                                                    • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                                                                                                                                      "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      PID:552
                                                                                                                                                                                    • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                                                                                                                                      "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      PID:5584
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:4876
                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:5948
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:1892
                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8028 /prefetch:8
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:3168
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:5320
                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7364 /prefetch:8
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:4996
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,5890635076622311636,16162091784970461036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7784 /prefetch:8
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                                                                                                                  • NTFS ADS
                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                  PID:4200
                                                                                                                                                                                                • C:\Users\Admin\Downloads\Annabelle (1).exe
                                                                                                                                                                                                  "C:\Users\Admin\Downloads\Annabelle (1).exe"
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                  • Modifies Windows Defender Real-time Protection settings
                                                                                                                                                                                                  • UAC bypass
                                                                                                                                                                                                  • Disables RegEdit via registry modification
                                                                                                                                                                                                  • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                  • Impair Defenses: Safe Mode Boot
                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                                                                                  • System policy modification
                                                                                                                                                                                                  PID:5372
                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                    PID:5176
                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                    PID:3504
                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                    PID:1420
                                                                                                                                                                                                  • C:\Windows\SYSTEM32\NetSh.exe
                                                                                                                                                                                                    NetSh Advfirewall set allprofiles state off
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                    PID:5300
                                                                                                                                                                                                  • C:\Windows\System32\shutdown.exe
                                                                                                                                                                                                    "C:\Windows\System32\shutdown.exe" -r -t 00 -f
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                    PID:4716
                                                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:5280
                                                                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:4484
                                                                                                                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:4116
                                                                                                                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:1360
                                                                                                                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                        PID:5428
                                                                                                                                                                                                      • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                        "LogonUI.exe" /flags:0x4 /state0:0xa39a4855 /state1:0x41c64e6d
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                        PID:3784

                                                                                                                                                                                                      Network

                                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                      Reconnaissance

                                                                                                                                                                                                      Resource Development

                                                                                                                                                                                                      Initial Access

                                                                                                                                                                                                      Execution

                                                                                                                                                                                                      Windows Management Instrumentation

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1047

                                                                                                                                                                                                      Persistence

                                                                                                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1547

                                                                                                                                                                                                      Registry Run Keys / Startup Folder

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1547.001

                                                                                                                                                                                                      Winlogon Helper DLL

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1547.004

                                                                                                                                                                                                      Create or Modify System Process

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1543

                                                                                                                                                                                                      Windows Service

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1543.003

                                                                                                                                                                                                      Event Triggered Execution

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1546

                                                                                                                                                                                                      Image File Execution Options Injection

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1546.012

                                                                                                                                                                                                      Netsh Helper DLL

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1546.007

                                                                                                                                                                                                      Privilege Escalation

                                                                                                                                                                                                      Abuse Elevation Control Mechanism

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1548

                                                                                                                                                                                                      Bypass User Account Control

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1548.002

                                                                                                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1547

                                                                                                                                                                                                      Registry Run Keys / Startup Folder

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1547.001

                                                                                                                                                                                                      Winlogon Helper DLL

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1547.004

                                                                                                                                                                                                      Create or Modify System Process

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1543

                                                                                                                                                                                                      Windows Service

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1543.003

                                                                                                                                                                                                      Event Triggered Execution

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1546

                                                                                                                                                                                                      Image File Execution Options Injection

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1546.012

                                                                                                                                                                                                      Netsh Helper DLL

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1546.007

                                                                                                                                                                                                      Defense Evasion

                                                                                                                                                                                                      Abuse Elevation Control Mechanism

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1548

                                                                                                                                                                                                      Bypass User Account Control

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1548.002

                                                                                                                                                                                                      Direct Volume Access

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1006

                                                                                                                                                                                                      Impair Defenses

                                                                                                                                                                                                      4
                                                                                                                                                                                                      T1562

                                                                                                                                                                                                      Disable or Modify System Firewall

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1562.004

                                                                                                                                                                                                      Disable or Modify Tools

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1562.001

                                                                                                                                                                                                      Safe Mode Boot

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1562.009

                                                                                                                                                                                                      Indicator Removal

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1070

                                                                                                                                                                                                      File Deletion

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1070.004

                                                                                                                                                                                                      Modify Registry

                                                                                                                                                                                                      5
                                                                                                                                                                                                      T1112

                                                                                                                                                                                                      Subvert Trust Controls

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1553

                                                                                                                                                                                                      SIP and Trust Provider Hijacking

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1553.003

                                                                                                                                                                                                      Credential Access

                                                                                                                                                                                                      Discovery

                                                                                                                                                                                                      Browser Information Discovery

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1217

                                                                                                                                                                                                      Query Registry

                                                                                                                                                                                                      2
                                                                                                                                                                                                      T1012

                                                                                                                                                                                                      System Information Discovery

                                                                                                                                                                                                      4
                                                                                                                                                                                                      T1082

                                                                                                                                                                                                      System Location Discovery

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1614

                                                                                                                                                                                                      System Language Discovery

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1614.001

                                                                                                                                                                                                      Lateral Movement

                                                                                                                                                                                                      Collection

                                                                                                                                                                                                      Command and Control

                                                                                                                                                                                                      Web Service

                                                                                                                                                                                                      1
                                                                                                                                                                                                      T1102

                                                                                                                                                                                                      Exfiltration

                                                                                                                                                                                                      Impact

                                                                                                                                                                                                      Inhibit System Recovery

                                                                                                                                                                                                      3
                                                                                                                                                                                                      T1490

                                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                                      Downloads

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        152B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        4c3889d3f0d2246f800c495aec7c3f7c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        dd38e6bf74617bfcf9d6cceff2f746a094114220

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        152B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        38076ba686644d710e075738ac859231

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        247bf11c36f896ac160c9ce6a696a0b6c4114da0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c9a88e177d69d77a748e107ec9bccb7f2198b9cbe7cc55fb85b45ddc9a88226f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        aabb7db0276aff1f25c73d836f361d9795b23517f1ba70676c00853eba1eb29ddfc32b0c52cfa785edb3ce61716395288a5b63ffb0ab05cc4a39132b583df357

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        152B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6f48cb897e2d5cf1ec97d4b2f8ee2431

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        61e83fb960f410e49ae58b517da35eb4bb593037

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        700d8496273147f65d773f83ff9978f7cd9ced93211f91cbfe345b40d36cc41b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        0fc3cf6c32cb60586128479d97a9b1922f1f8362e5cdd774fa04f817b81cd26eba8057473e619e57bc74aa470c8e832361157eb7e44f73d48f0d760c028a3d92

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        152B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c4a10f6df4922438ca68ada540730100

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4c7bfbe3e2358a28bf5b024c4be485fa6773629e

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        67KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        a074f116c725add93a8a828fbdbbd56c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        88ca00a085140baeae0fd3072635afe3f841d88f

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        62KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c3c0eb5e044497577bec91b5970f6d30

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        41KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c79d8ef4fd2431bf9ce5fdee0b7a44bf

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        ac642399b6b3bf30fe09c17e55ecbbb5774029ff

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        19KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        2e86a72f4e82614cd4842950d2e0a716

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        63KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        710d7637cc7e21b62fd3efe6aba1fd27

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        8645d6b137064c7b38e10c736724e17787db6cf3

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        88KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        386ba241790252df01a6a028b3238de2f995a559

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.2MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0aba6b0a3dd73fe8b58e3523c5d7605b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9127c57b25121436eaf317fea198b69b386f83c7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        40KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        3051c1e179d84292d3f84a1a0a112c80

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        c11a63236373abfe574f2935a0e7024688b71ccb

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        53KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        68f0a51fa86985999964ee43de12cdd5

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        bbfc7666be00c560b7394fa0b82b864237a99d8c

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        18KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        93bf366d97e489e136f7931918d7917c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        6a877d2230822683f94e1b52d6e0dfab1c1a7a37

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d0f961e1a38d3d350d3a4c38cf12d9a33929ea505eddef66f1c411deff631dde

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        471dd6e6d2c4aee04816b5a065c2d19f99c6000a03ebaa5f90dd3b8d4eb1d7b66b1e47d04319647837c639066af9234df011874e4d227632b226c2cf8a7f113f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        17KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0de88be544f9f60263c81b1a4ac877b3

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        6817a4a05b1e876fd9065cc9cf767c8a146bae9a

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        ad0c96d4280db4253f401329dbe81a6b080dcbaceeceecb624dbf8ee7682dea4

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        094959b70154b936e9f5dd774d5096adda3a71b51291e4d93bda01688f7747143c1c04849b40340c5afbc6f7ec4b166e09f7daae5028023c72fb20a947bd03ac

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8220b6e2d7ffd766dc0200d9883cdd71

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d9366a6915c19db7bbacd672e6366090e196e286

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c0b00a1eb30aee8abc2b40f29834cfc6e68b42389aea5d238db681c6206afb9c

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7b933d01a42a33621d4bde5969f44361b8d9090a979f9c84e07645c33ed85009fd04f9cf9cb9b1f7665360f63fb4ec3663d3e26c96eea7a9d0fe4d7a210ab97a

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        495efdad145c071052c23f88fac3eded

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        98b69d63b1369650d235626bdaf7f60eab138210

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b4fa5331c3b80830ea69f9407222f268c6de59d14f5658e25d73d1dd9f3cd8fb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        5c824cbbbdff0429bb1df3fd7941a5a1d9bc3304ac9b886a30f945f7f6b9bdc0c6afc516c8ba3f4a6f5c301b94f7c59abe2c4860d47d6421b93d9f425020ea16

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        ffc84fa0bc8f91def8c641b8786360db

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9dbf3184c047f8ab8d409a77dda4013fbe5f2a77

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        cc6dab09e9b6e04c35e32f8e85abc93a9f261fe4cac0e5fe94f3f525c33f796b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        f9aa17ab7d6ac01eab6cda32b648dc11cc8de7754b67b29f904ab2dff457d16112265010a2725e140f4ea29b00b7ccde6e977b8d9971f3ba1b811cd0e222fb21

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        10KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        5e349007a464a28636b1dba68a4079fb

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4cdffbd61876ebf3244b523137ff6339ed7cd9ac

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        3df8f8ee9276265b2aed5e41d420bb0d703f23381fc4e46a970c2586813f6054

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        fcfa4e95bc65837687076b6696b78f1c55e3fd285e4aad940a6ef3cb4d8b9cf0b3250f094cb16ec3d58224d802700c8ffe867537e819d208060634f0a626079d

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        a8e2f8dcfe6bbf5e94bdb20f5ff6aaa6

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d2e4b6fe986b064dfcc01e20eb654a6c7a0dd2a1

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        e188f4a604296887283570935719a656f1ad8a84ca5e978e7b95849b4514de65

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        341d1154603176a7c50bbf17ac2e18de746db74d337cff54bf4ec3746f9d5f03480f1a4cd8eff7ec6d6511b78cb3644c0568dff18c85fcb11f65392c60d0b72c

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        d9e6c3de1084dca94c12f33515c387e6

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5caf98863326b6ad0b7ec7ab142372c735bfe7d4

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        39a0437942ee7fe1efaefd75c5e4bcb2d031a5d2e206c26abd6b532ff72bbbac

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        feddd6c5cc3189527eabde7948df7de312a0a09e8fde9a72cdff80f5a0680e347dcd84d13eb705fc4bda24b546956eeaba258aea60c068b6190bb9c265c2db5c

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        2e8a9e9038037843e518dd10b93ceaba

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        b7d797bb9377afb17bc4437e6cd4185c777beb11

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        158002a62a3a503beda46f84a538e420d625d60b417b0b53bc9ecf72b92cacba

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        f973e2cfc28b59fb8b4e8ce1c540c0026cbc76fc001e9631f0e143681bb534b7043307f8a40c25a8e22ec112118223b243e7b749d1ec12074a54cd99ccc3746c

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        f66d2d12e355e4a4714afb86ba35a804

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        93cfadb232bbe0a237d1cf7d22c593095484630c

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        35375f6df522abba1ff15349cc633ab08a3a7b60bfa18f57f1f55b8738952ead

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        5cb7d9784a4988e01a33e441cd692274661ef449901538244ae97251e9f81f5d8d4c444b08fe47db52dea2c285998ace9eccd8cb19306483ffc9efda85662fbc

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        5306516d4f7f9ef77fae9e7024999260

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        44a25406f8d199f153cf27b1f0bcc35af1528aa7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b504dc406c6ae800f206929c2e96f2e26b79bcbc7b2683dced6d65663e6a6b22

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        1a56d218d18ec419394ae730a3f83bc3d951954ef3a242179a4dfc6d81700a22a1632686ad30bf429eaf019064a415fbe4c674f59f210c90dea632989c5b20f8

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        3KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        25508a6944d23f0ac40c56b49559c2dc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        6bc07ecd402815e68209fddeea074ec6c0ecf995

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        209d2a3cd416712270671904002e3d467d598c4ca020e225dd1302e0cceb0cfe

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        67e1e5e86711a2c47b7fa893738fb284c6e8940e79960f4b494be72b75242aab3fd9eb7b1735cb73fb48f62cd4d7074ad0fac04378856e3b589ac3a4d8c1dd78

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        f4bc56501bbc2b2589724467cd835279

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        56f11af3d137f410ce03cf11a0c9c7ee6229bc29

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        311394e17e237105322bab3d5be7677e53efc8bb41fc3c5f74240cc6bd5503cc

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6e33a00b176000a1ccfc9df0b2922024672eb3a22375d4f16f9b1bd71d812143a958baa02fd06f17853423dffafbb41925a30a91592e5d7d89c41e75fc8d8144

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0bc217678ebaf40b87c4c7e8971ca0b4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        bd8254c9bae235ca7562fcbc104f07421dfc08d4

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        8e8d7c6cb6540caa9ac351c9dca8476cdaf360102ecbf56a01287bddf6e72c5b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2d3f03d58192434d241bc5fc53356dabf8b71b47b4689cbc339a4d0d4695b24bfe419fb2a61cfa69d40efed5b7908cf74bb063f0315ed316f2c09d364e2a7f8d

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5666b24e92933f3_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        711c5a51e08602d3a9e7993b578f1480

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4b63c9fb969fc4c8f50978e1a987111a22a2729b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        03d955d4106a844606fb048c9773feb322bb0a988a1ad82546f1477b54d4e9a5

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3b06e2e8c362e2af9682c1ac1eda4268e3f9ddc0cbe50fb32707e883afe8e61aa5f70556f17efeb44143772d470ca0040c80c33ec055a1d62b637a0d605eefeb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        a34a1ca2426446bc734276fd8b5dabd9

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9c5759ff0a916a1e0d73360d9d5dd527976f58c3

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        40f8445d80fbc57d14519777cccac0eb4a8394595a3c577746050f59b478d1b7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2b7f206969a31588313f8dd6b54c0a6f1bf42daf992ebf3f320c2415e9b285dd63bc702af5f2117df8c8901e5ce35258804055b56454bb679146ebbb8dbc0ed9

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f15925c0a386a6ac_0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        13KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        10ab165e683a30638ea72987288b96c8

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        8ff0358111c82988fe219e961686cd8b3794f868

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        ab59b795328f867910f2d2bf2668137db75d002a0d241685d7b2d4d3e8aacbbb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e0d690145abe64181ee83cdedf40802b99bdb826e557ba6161c37a4498c67abd18a06b4bd33cc3bb46958bedbec1a33e0995a5a489b515a0461743bfe811eb1b

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        668b15c9e823018b38a2d8008837e298

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        105fe12fabe455f29dc57bb5b4ed45ddacb701c9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        06e8cca4864179b7f4c53e5424fcd9908b7a5eea66014f4cb942c09c6a1583d5

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3eea8f172d1910d11ff41d3eb54780c5cf6116deb246dcf33d1e41bd5f45963d92014750341f5e6b36b007e5121de36c7ba5a4c458d417481f835986d66530b8

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        eef60e8dbc5f395e921fb3a6691ce37c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5f550f1ac83b78cb7a4413b4d3d7c848d003fd70

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        a0acf58ea64fff3f5f974319616ff27a0e2252ecab2988fe01f412435741f838

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        22840ebc3500ed2023c4cd70cd6b5ce921762c77e763f7570a85209df0c50d67828fe54fef166b2fdc48e016ecd7ed29f39d9904b468b39eec32704c047ae2bf

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        01dc055c9770eaa1187ce22d69158b80

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        cf40fcfabf34d5e9e97ea5b62ea5a6c7026c26b1

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        07c6aa75a681ce28115af3d8d40f1bd0ecf8f455112d476574fe31274d7f25b4

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        1b0d3112db97cf5a29e266c618ca49cfba527615c86a0142114a2ef3a2f6311233f0500af9dfa922b16b57f0326faa5a13d060c412174428d62369b33524521b

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6d7dc90c243288fbe710551b0aa5d227

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        447532e2988c4f8cf20da16447977b974d508027

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        02de3b0444f9348543ae34003fca895b37f2d9503f21d01976ab9f27328923ff

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        17debeab0bcb22a0459d750b6bffd5ac2656518753c85acf92715113b6e22b3bc1f5fb619864946397fd035c45c39edc6a40e2612d8408c1c227fe5b5bdc624a

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c058fa87214cca723ce4603e3a97d229

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d7467311d72cc0f3d40b817ca41af8a22ce797ae

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        8822e6bc4578e367d8dac432fe1513317fe031b9440412597d35e06d2b959d51

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        1551809b7da206391d787aa1efd6ee6704dbb23254c40feec802b93765a4b3cb8b4c74708d827cca1ddbc75fab964503c12c915faca28049355d08f16cfb3ba2

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        161952db664c4fa4dc820b0ae886eaee

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        f6dc511a4155114d91f238f389bbb9ac3c6705cc

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d91a7f3a146bcbe9d04228edb118318093334a978a336ffa94ebdcc31056cc4f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        d8e373840a1484e58862a6f00969e8c5cc46667f630e5d48f6dc06c8fc0e32f2e4aaa2f3fef085da0a7415ad5464066d9444001f9c6ff523d4a96317d7e6f007

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        560B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        33be1ce99c5c092fea94ba15922dbbc2

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4212d6b8ff1d97e2c4155f83b1a0d1a03c424f8a

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0ec07494c1f5d2f578005919c3e62f7b3220ece1b5f77d09892e56cf6f68c434

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2e9402b494c4a2197ba6df77b2be65512a46c0351dd7cafc122a5a2af146f6e9ac5a5db5d35611c826fd03185146212de0b48b3a748fd054841e76023f56db7f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        880B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        929a78be25c4ce810be1cb8689aaadcc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        aae6407c5de090f796261fe52accfbc2d349ed0b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        81505060531e56e865191e6cf2ff18611025a61b774b8c55ce6cbb766d1338cb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6956ccf40ce71eb0e9115f9ea76e30382678818eabc4ee8513a8fda4ad4ec1bf9d46099f1e0359aca5dcb19c89a2211c4baf6392cef14422da3b02b53cfe80f7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        3KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        31e28c106eaa84d919962a333c08aed6

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5340f8eee307f20b912b420fdd35a1536268b6cf

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1134a69a4eb314b6f1f6ccf60ace7346882570602cca8549efb4a73ba4d6593a

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        a2287cbc809c2b53e1f312b20dc024c70378c679c3a7d92fdfd7c9b93a8f129a814b4ec031f3ad943255d9a988fdb5a99c4b88e3f54bbf08766972c4ea314997

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        880B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8722bf04e4642aa28fc58578799c2587

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d6c5e56d45f8a8e238378d2f6ed91393b51d8fe0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        9378162b43c5772ebb4720edd21382489918714e8ee1c545db478eca788f46a2

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        d1282edad0d52f04c9cdb2c73cdd1b57d294b5079cbd0e84b082b5bbf328c68fd049631ce6666b67e1a7c8a405eebb4040c6b6adebc3992b5cb27c4b88e58c66

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        3KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8e7cebabbb1769490282ff2886bfb851

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2d724465f870bdbae24a950404a769a97367ee58

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b337bb3138d17095a9eed591e48866b3a969730f8a952782096744e9c669874e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        23c5e20a539c6c8509fcea5bf6ffa3513174f1f461f593300c4a9336713ba983db1bfb8bd03a904bdf8dfaf06ca2ada907ec986c3bfc9d333a9aaba209654936

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        90c6383f55e91947d4bd18dea0c464e5

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        7ff5d2411a6225b2dbc88ccd3dfedd17272358c0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        a14fc9b25a5c21ac0f88f1263b54ee7386f137dd17b855ffa19b19c685a7fc99

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        85b051e46c21b37bb5d1b37c173e0e3c3010b91605add1a24e9bf85ef7fedc9dabd9848a56391f7db641426fda747687c8092a194890d7ba786ef39261be9d31

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        354eace7b1cad4519ef33bd48b7f3a07

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2c408e78190a5648c44430276b45dca6d0ae511e

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        22d89a8d7655a388972b976c7aba9c75b5377cedd4ccddcc807156c1877b241d

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        f8b21908482e53a262b30300bf6bc0f58f2c86d7ecbf4a4ef186f2c0920055902ed953ac5dda0d83228d3f57b16afd16b39d9f24abf2bacdde9d9b82a2980a13

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        503f4db85ef84239070cebb030799b25

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        8d8339db08b3b57b625235f388a30572131aeb0f

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        05546e164b41edb6972b9521d0d51251a01b89c19bf11863363dbba3c00714fd

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        c0b5a9df5ab70601c5777dd8cf6c111594a5f2f5e249701153dbc096d51445c5ac3fbc32c156046e1fbf1000e7f1f9b325e3ee821b2e74f8beb9670024323e09

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        24d62999f3153fc4b026539b9ffe7c0f

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        b6ad6a79c99195dc36b2832d04522a7acc6801a7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        ff42d265b3a62d25228f24d5c3b239f5e1f3488f38355d573445199c17c1cc36

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3b33c56e1a8c0b706f1c5304ffecae73c3eb099024bc160b613d17274b1075ee026d349dc413a6a96de98decc013d0ab7ddb17c748eed82e5114bf46b0b58a72

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6f8f095c790659694cf2bcf8c2e15596

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5ec951a18a1546143f490a05d67e33a720692d59

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        fa2ff4747a03d401ad81674ae2734f1ce90ecfe7553cd9b2886baee988d2526e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        72fc3e369e4e4f4fffc277c6fb2d34d5b3be5e1d655a76a8693614a17c5055cb7c224145d8a06194979700042bfd8779a0797e40f111b8859de2add8298eb507

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6c155e39781fe747b789114ab3b458e7

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        7afa9f51807c70cb827ef5b6a3bdc9f85c8f2281

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        105e51d5ee56b2a11ec285555f6f7843d60a647a5088620e5a7d82a2ce7a642b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        a46cc6c925eea84a243c9feae71753990caf9ec606c7c40e56ff12fd70288f79f4bfb1d9b2a82a40c11c76e493b13759d4e671ee722ca17c6003223705715bed

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        18bc5f7a53f358fce0b08564f71d146a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        837da4f35bd1ecdd8755d34b445a0155125855e9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        3c80c12d7bf5bb79414773f4cca70c1d7d277a3aaac1f329a9124f309807a58c

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        a07a6eec840996b0f9ef5677ea060b77a8760603923506f652ca8c7e8c1ff5e9e0acaa5618ba61d81b80d013dd8d09e1193fb53ad5b19ca333a13dc208cc64bb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b3bf1775b920236cf2e4a3b6c3bbd5b0

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4ec107c6f1eb37f10fdfebc933414c3b6692e1e2

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f7dc306dbda856a8155656aa96f419a9f635de24c988e69c4505ceab03ab6ed9

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6cf0ef4cf857582cdb095426b3770e890763d9caee0e7a0164c1e520d7d8d7888b546ba59b196c2faac9bdfd1aa39a28e160dcd9f64dab3b10eb70d394826353

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        2267e7d3b0b24aaf50517ffcea02027d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d143ed0a1c7121b44cb6f62b30c1087d9cd55241

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        6b8aa7857210d153d0733ad1b7458de1912d3e3f202c900377a60d395835f5e3

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7857f9129dc7330b61ae3bb9f8e22df55f0bb96f37f4462610c772758fe70b7f3fc3a85110d4e7b7b0725ac1ef0324706753401a4dca075238cfe690c0f812c5

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        1389ec247de1ea4007b4398809c5d598

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2e38795b39793154153705a8ea35fcfab79841b0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d46a641dd23283f60a5e673ba31d45714de6738a9260673062fa6c24e1129051

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        0d37951b4c56ad06885ee8cd300846cc06a98be6c3134ef3cfd3d8bf5ce5f2709668e146c2fa04488c79c400ed9c2aa8868311bd9bca0fbaf9c7e67a258454d9

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        68bc80b483c0d17da803582b79e94080

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        cca09f2a4cb8b27e59a3366a33eb61d526ac3cec

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2b23cadd7f99fff78a4d1aa0f214caf9ca63811db803c6055eaf2240f995ae05

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        d39b1f18cbfc5cc96a83c16a46ee36009af1c94cb39e81666440fa85b13d49047af3c405b3e778c195c4874406fcaa695d19f517d875d5c631c291541ae5289f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        56ebce283aa5d43c96a2a78a2796c5ca

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        874f77e7605ac94882edb24f07621dbd92f37207

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1a008c5099e039af1fec5133b9f993e3ea3d400e5de4b076a88b8028059818bc

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8c6853ec3c9ed966da1af9608ec89a5eb90986ddbbd502fe5872eff6674382153a2caaf892278e29c76d6b81c5a8973ae706bf6e2110462065820b6beff7de32

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        996431b91f37b0fba077499a43f1ce8f

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5e355ee71d4980914c5632094cbe8ccb31591769

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        10197077673f7ff4a7898caaab97b5ea68460aba0423b778b6547520d21cfc9e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        4caf1f791df9c3281ab72851517d27b3c16783d2386d60164d4e79a5e4c0477a7060f7ba346869811789e09e4ac6e46d2192085d5db4138d5fe50686160643db

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        e7711b41a8ea141d28d69181b433452b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        cbb9ff7896530aadb6f66b0c56cb208f599caffa

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        459370ed4277f26214c0a06e4de1a4f3cd0f50e714c3d90daf766977ee3a111b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        f20702f50c03e9dcbcb997993da0d9010e48051095532c69cffd1039ce0fd4e4739a7da050447aca98a59a26a9d94c10b58480c74d3d359a3e9211653cea857a

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        efd516bbd784d0d2a95374c39afb3b6e

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        bf47e14217bbcb58270bb2dda3430986b1694806

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0f0432afd5c7f4da60b890648334fbbd9875e1730b596fc6db103d3b87939dd7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e195cf88e6b6ac8f6b217e220c922cd3421f2d861944baab77c84eda0f2da4574065a71a64c5cba4df19e7a8d1008f6d0f95388a520f7b4217eda335222ad85b

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        87d22326fc2e40d2898f317a3e8426bf

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        e6b41c0ace454855433797109c47b790f6ec8b8f

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1846b5fc65de32ef91c12ae1fbaec435a557c3fce66da37742d411afd80835b6

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        9314d2e256fc51327eabe8f47531e94db9b2726d25133ebe20889ccaff76a7d15a59962ae4d705b5c3004a60a0c9afa08f3556417b441a0502524414961eb792

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        10d674351d2d2af75de27b65f0063984

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        a21bfecce525b9e45869f2353732a6c1b96d5edd

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        292e05662ef4988198bd6827138d512e9ebebeec7709f01c8e40678108e9cc34

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b31ea23dddd55792e2746e7cdaa743ecc83039edbf32a3a47f0d61ee317a5a4107492f8e5d50f1932b71a4377d5fec7996a1a662f0e139e6740e7d8763b2f6d1

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        8KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        847f3053e130d6b8cd0f16f50fb16340

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        e1d10657cf4c5c1bdf5874dd76f37b6b2fee49f2

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        742170bc77988f6856f6425a3e0dae0bb4510a30974ce4187b29524e14da3257

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        c0c8951c021fbfc88a32db4087c8bcf6b95fc4e41308303c738a7d5f7d93a60c29dd42cf5b6157fec692a0f5cab712b86b48a5b9daeabb8b71b8b080bd36c186

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        1719edf136e75fe59ebbf13ddf38251b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9b24d80d04229ff3541bd0bbdc274d585574273f

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        64db7535664402189a0700c101fa94e759705253b71cb7a066883c1f512c4530

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7b410a0c6151c83b662ab3b180f64ec89057a4a5d0dbfdb1835dc47f68973f67e942643a3bf562516c3d8ebc936be9d4a5bf453a77efff4f3414b71927520c5f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        76063122fc9d70c91d49a85a1246c1b3

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        008c8c406734ce9bf4681b8844fbff1475e939f0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        9b76bcdda95eef6a170e3632f353883f3af75317ced525137144e0533863a95e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        225897250a9758e36a4ff2d494f9273bb5fe9df8dbf1f2c88915d1c9616b539dcf2dec7083567b71e0d79ac032ff9775f1fe2c4b7235e765e23970dbca8b7daa

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8282d36ce8f4cb4df96bd106dac336dc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        480a9eb9f534ec0363e3a1f646efc2118f48f15b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        3c5034222e783f295d8787c9198f15326a5488f2b4b14a80ba08acfb35ddd6e1

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        dfc3d5cec704791e147729420d554dc4d4705020955c0a579c9e32fe981e99ae1570ea9df1a96b44e81be44b309c2eea9f67e154a5a74a4f413d2e310751aee2

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6caf90891f070112929d1e2c48301cf4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        37a76498001df010b7f512dfb5d1a67dd117e8fa

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        3293e7b49a38cfae1bf53377c894fac0948d5f088216a7e474a90d2b18259120

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b335a8bbb16440c1fe81668c5f1455d5cf2b00dec925c8d06aef9dc2f7238ab829df34f2bfb2c4fadf15de4965db9b7c7cab118359e6908855ae3a10e027e537

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        874B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b8cf43bbe2c84841036ea0804703edc4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        6e83ee693961e18b5bfb9c01b09f904e4289e68b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        ffb2abcebd46d5ff9fb97f0b8426310953aab5de14187b234df501855735743b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8258269e17cf0da77e377cc073f22ee3db3b582d6dbb2a3537b9977daf9663b22f799e2f26c85b2d1f6076ff72c162cde8897a046b5eb4e8c4f6d91efe9e25ef

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        19b65728af344cdaf726f2dc2efb2ad0

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        f9547bfc58ce29cb23a01fe4d6f9a6e31c1e6f95

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        08ac0459aac3c9de5e6a7c0867d84164a6f8bd3366bdcb9cd798c15c13cf8103

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        13c62b2089e79584dd0a9672556fbd608741215aa77db19de1b6e5d33ba5968b7d1288a322ef9c7b2ee0b7867ea3ec8b947ec75c7cd5b8c93265bec7343abecc

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        bbb47d29e0fb8be3b9a79369017d5677

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        0b158473b7dafbb5d0a745c146d71d1363d45fe1

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        a46b31b588fc5be554ffee95d1b22e378ad3ad9c3c8645f4d1ab4b76ad0ebdf5

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        ce3b505c295c844680431df5860bc5d66e1eae74440322f962822feb1a276a296a5b33bf7c0281c9df0f8b44f4dd30b6201470ec11286b542b3d1f899d72d7d7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        cab70e48dd6e5e0fb6c6edc8ce0f36b3

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        3e74cba8d9709c503bb3d4153e8fbe8b1da031c7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2ab52c753c47216541f6776dad7e8ae509b8206061eddf4f363d53c7a280f8c9

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        69db81e8ce7393c96f504d12900e8d50fcb8ed56593c2b56709b615ba5b46a13bee36248959caec61a06d82abd800f363e14ccbad7f8114a7c39c74b40af27e2

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        4162229416fda0ae4b4d04a087985814

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        3580655afdafc2e554cbefed170fd60c4e51b869

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1ad38a1f76a4530e45d0440f6810baf59e4a17db6046199c671435f7334b09a7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        78fd773616a5fd99f55b91c594515e39472f7114989d5475611d1ec03f1d81c032bf43d3290ca1016ce0f1bb3a158e9ad8ad450bac903eeb855039b484d882f2

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c8e48124f2dee61d7ae03a50f2fb1a58

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2ea9bc5ae70dcfb59d2d27f96a196935477c4aac

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d5f98e4a0a7489ed3522d8e50e4174039ac39338ae1f4ff182763f2798240b41

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6795667ea10f455344925ce08a87820a8f34444c99ecf23d393068a3ac4494ecceda205a6ef3a2b9ec021ad50b32d7c32db5df999ca856a3d8f3767adb441191

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8189bfc86554627e5b0b3b4b14c3a43c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        01ca56f4196da614129add6c00c3026bde867b2d

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        54df86ebd935a73e38088a0cbed9c9edfc57996680e328af829bb900b5d54851

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b44186d2b95ac7c474d2f2bb2519b60585e4a2d6cc60010d0256cd41f78c0b0feccecea3419a5cdc4176d64996d7f418fb4b568167a3cbbb54ccd03ac7434106

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        16ca12d6dba91d21e649b562caa6d5cf

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        35bda71a3fbf60d375b09123338337195b6664ee

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        a9e640d01f2a35a12bd76abc498fbb5fa787cd13388dde0384e740ba24cd9608

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        d4490f3954d25a7c2ac116035bbc66d93bb45fa372f7459f1af3cecdc4ba9f161e9a85a7a7778cb7fc363c5ecb24aa40897bcfde97ba52f994848b6963edb581

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b0e8d93ea634fc3179ab9234be442be4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        8509adfd0553b378f2ec74930b995222702d18ef

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        52ed30c30e602e44cb2e79cec1d9c9a61c047099c0013f8bd42330366da9ad5e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        bcd35fe318beb3a07bafa75323e55777c4a1df7c54e826d16cdd5dd0e159cba138c776fcffeeba981d73f90fc78f62a10fb9d27f64147fb1d8383ef21142a503

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        84bf29362bef0412e9fb5e0d78a9fd6a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5cdadafdd6efa916d5a00b9c9566dd6a122461da

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        fad134c7a5c3f7a9d9d36e0ead7daea6ca5c12557b0e2b7403cfb73eaec13a0f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        59f5da353cd9dc71b3d4158d864e0a10b375075b74e6af257f54a15f78fbe28ac7bab118ed5331cbf143777ca76d5c88c9b77b5a3d1e1a6802cd59d8a2322243

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        4abb096bcecd529bb1ba11db047655dc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        a970a8029badf55d2bd1ad6adaaaf1d20d9b7010

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f9eb6680541a10c7425a5bedfe8c95cea3d2d871527e20405e476d7ee69b2fbf

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        4784584695056fcca3054ca70c526d9b4ed906fdc2bad4f266c4e6c9426b4e7510252c256e57bb64fa3a73d4a93e8b5b803a4d3865f8dc59f5ff58f873ef9451

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        aabe95d837c3c7bca06a76bf505b4cf4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        7226b44c01a54ecc816234136fdf7b9bf6a64b29

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        9c99cf4ede3fffff0d53b86f345ff159e15b7a3064f7e84806369d2a4a5a4df2

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        08edb6da2172ab9811fcc284f91e5beb43d6ac42f5b868b01c66e704451d59a1d25922be4a16d8108164baca1a55a1d596d2633d1e98552ef8c6d4b700b1aebb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        fc24990d23ff089a154e85fb407dd358

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        c3c1671c7ccee290a3b10633977490d7577da765

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        4a58f4d65c3ce68da7478f9ed9c9eca49c7323c411bedf703a707ab1dc875eef

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7fadc483fd593a3b307517add29231a96cc747b385d932cca53002c2cf51bce2bfe2cf40483dafabc4d610a5ca329a67662bc86d004d52ad06643718c750e6c9

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        22b1e6c9b45c44a1c507cb3356be1e28

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        31ce6510bf35cda1badb2ac2a569fece2d291d39

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f8572461ed397d5d2e06b0768a9b67d0938984cf8462fe1151fd3ab8bf52ba17

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e829cff5e064271b274c928b258e258c4cb30e0d61ac2e3f9c883c811c54a1b1b59038d93da34d51856b596c9e1c8d38aee5cd6dfe3a1d91460050674dd930fb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        ec448ad3ee6f87dfe9110a3744577270

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        10ae615f538581b60f3145f940472b877b947187

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        771cce9914027f2db3b4f5ca242a7bf86d8a7991e9792f04ad995ee7d63e4b73

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7a5cda840609e0e2730ad12d3760d00e9847a716b0fd52cd7187432da7ed0cbe84c0dbb421e39d9b5ad05abbdb9e1f0cd46ca26e8517fa6f3585cbf0085e709d

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        7b9696dfb0dd22185ad7f881c9a0615d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        f67cab3106b50acd6a945bf8574f3ecac87907ea

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        00de9eadd8511e46bd842e8e23daac44e8d0e5f21e820c21bb51b50e85e17b27

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        00bec17bcf49a46a2c661a143fa6e84aae11daf22c83e5ee0ff0cbe7c0993fe7e4d632c27ef0548b031252ddfdd658c6673b66051482c952abf264fac24fab55

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b8793ebdcfa303f747bc55a93fad662d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        a36d467b8c82b34b37b29c72718f437ceaece619

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c0099d8584d76fa1322944979791b4149ceae078614bdb4ea802968bef4e3309

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        5f54d1482dea377180a48273adf8db65106b9cb61d9d1a8d333fe3ead0f8c133df6950d84971bb604181e5ade01523ab5980c6f8a0c3479ea1dfe99314fce3d5

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        3aec2a2ae8f7b80d570128e844b59222

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        e45cdbc2201f6553a7667e1d2433d33248f24f5c

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        37452528cdbab7fafec8c7d89829bddddc159c3504f815e6e45d638ddf100164

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        9da3cdfbe682dad9d18582911d2674217ed1e38f1177684e4066cc458a2716ed0ae5cd6591842a27c76b83a792bf88d7eef9dbd1e87fa200c38048f422a21001

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        82794b82dcaa4157287d4b35dfe897b5

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        37cc91dcd1f8d162063e18413ec9a1f7ac83ab7d

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        7c3eccfac3080a17648758005fe734022d82a3ad32cd18701a770f5b5f62ff21

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e9e60b5ecf3681e9001b34991001333196752cc517bc6705362df24729ae67277821186bd5e444f4b030b75b2fa11bfafe648fd6774ab729fae5020173855720

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        1f8fecfb7aacc7e04eb23d16f0837f9c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d77f61cde4b2b9488b7639b4a247f95f1e8b64af

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        7414489be04e0d4d82d919faf5df3b572540fa21a0469f4526e04d8c9ce8fbbd

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        bdf27d591c151d5220a718cbf7feeb3931f5a92cf370e7c3c5fe313d329bad3ac59436dd5d513b56a237ef22c76dc80f0d5747a27611acda1a3a73a7c69a5fff

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585167.TMP
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        538B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        09822406b0e1ab9579cf0c376e9eb52c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4285a81a118aeb5dfb78450b26eb34d9945cc637

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        95352550ddcb078652b2ea5f0de722d946cfd1b55bc8c454a62464b2a6b98638

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        9fd75bce0f5caba188942716f7285a2471db53b16a96ff6b72b21a2a75e5f09f3081525063c47bd9d7a08aeb16a0b993b2602c362969f3b6ffe7045b2ca7d636

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\5d2a58f3-d932-499f-91d4-31874c37570e\0
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        10.9MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c2c4450dd9dd82f2214c555cead43118

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        af8f5b2955f2f1976128d08045b35d6c939495f5

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        838fa0b08fba45c99233254dd2e1b02840c6f2c842a3848ee1fd343d0f3dc6b7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6e30efbaab63f33776e263a72a42a52fa15cf145edee80b129b50ac80be97411285dc1263cb4609896be6150ba49ba59fae3f906e9cdf55f8539da0d79837de9

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        16B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        16B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        dab3b777de01cde6a13f05ebc1e3b8b6

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        46acf927e21d29da347530adc78f8c0d3493542a

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        33fb28c303691cf8082f5541547b152628995618a7a1a89125b49bf86b5a6729

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e646aee902e6d4946c714ff50f855b5da24acab4e16ff35e99f9f3fe1b07ce0ce8984451bda36418c10f18c4930f2bd3fd6c56edf209129c34df41d016bd87dd

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        cf52109697f9fc6d14e7c11ed580a94a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        48f070f46c8b94f8dfa5b6f6bad3729f27636cd9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        6a9e92c8f161d882c46ece3ec1ee6dbe8d350f4e599c53a8678817c8d2f7775e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        01e2ae20a201afa4044cff0eddef42705d6f9cc7da263442ea5d572ebbe1c9a3c9cafbc7dda8389f42aac2ea41d9a89a07242d5c81c18470e4f6568ada05cb01

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        a2ae6849466b63e879283d0895e19d02

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        f70eb3279e98c489bc9d6984101213da3364f0da

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1d42a3738e53ceb333a92120351b67de35e8bf645e3916ca05ecae196df00f73

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        ec0a03b513303d139fe26bd5abd9cc043dbf22776cb42778e90f0cb3946f0d894c361314cf5a4ca8948c5e6a4f96c3ce86a4d7c57f4bfbf43517255dba50f735

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        2ee02c80bdaf407e50700f80b65e912e

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        bbc9b39c6c1ec60921ddedb5a14f688b36ae6826

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        8fa5c09b7260eafa06f8c3e8409d7ee1034177022fe010fa3f0530bc9d5d818e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        be01f61727441f5721f2efee90ad2b572e1a8abd3bfc51b646f76d8f7442c346c3987d905b29fc9289746c59e2eaa0455f9f46cc044ba88519a4f68fe421f05a

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        fc7369fb11bb49db3bae35cc5f8e2d42

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        1f587a56fe8921c53dbc48f4d451c8470dbbcd6b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b34ca2322079278ea73a870651ce77df1cd374f80359f6b86faee26f47fb2e00

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8211da405fcbf8b5deb4fe15d6a65f872323d954644cdee5e79bbbfa5e31ca288356b8f49d010d5ad6962a838e98b7112a05368fd04925c981e609eda1ab5036

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        9683e4f2675327138de44b1bb8285d73

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        510bdf03a9ed5fd088f4141903f90cd701b14953

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        bd4ecb7eeba36812cf9f6a41fdbc91e39291f32ea08daa1a16a92937bac4ea82

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        a817e30335ffe451dbd68e011a4875f7e1a0ef9b3230cacfc1f745cb8d0ee0a0550e735dcb8e22627d23bad299bf7c2e8b38623197f5ba7b391279539ee043ec

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        95ad20afd9d73446bfbf2957e3064677

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        27bdb1a21e3d65ae39f394290c9f921d7e57082e

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        a3ac7d185ef6c5eefe83bfc8fdc3897f2d922adaa00502fccb742faf9b97b262

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6377885b01dcf448c1200eeba68de2901e5bf6ccd9300e5d936f61c5b89d3c554470e5c8ce0870ff7a6c8d4737d85ba1c54872ea88737575dbad6ee4d0e31e8c

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6d8c094664cbd77bd201556925456456

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        ba6a2ad1142f35105ebc6f889c1f1f22b11a0348

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        5d7ec2a23d49d938dc48130959179a7d7d4630136e5f62d928ec7b4245cfb711

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b31600816a01616ccddd79e26c8540b5977abd3c137b45404fac08c37368ef1f3b791656e9ae4cb80d3abc77dc43037cd96cf94689fae2e6e7547cd9de176ceb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        2d0bb1842e64076aeef0630ce04b6e4f

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        e598016f39f0a9986c98625c04603de83f187f5a

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        20fc0a71fffc9ca4faa612435e9f61fbd602d1312c59dc63383d0c2cca868f80

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7b91da02853b3b4a63e645a30305665cda43cdbe4439f43b8c38b2622930168aab092dcfa50b15ee5a9fe9938108ca2239c32954dfb4d715c8a69586ff68dbd7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        11KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        d813f1eab40660ea8aa12276dc4d7658

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        6a1b2ba439a2be44e94df80554159b985623b4a9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        87d07eff3ed8ee7fd503ebfdff20059a8327d2e28e9531cdc1e793dd649e1350

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        4dcbd6e43171c0a2ffa81b85baa3d01fa6490241da841232c1d8a3273965cf6e831c7d4a5ad7f0e5d0f2a81c3a112c61948edb0e0ce99f7257da61ed32ac2b1f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        538B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        fe9e050b7a22756e9be200a4b3dc6d33

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        84254cf742150a1c5f81e2bbac01e3b98a740dfe

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        13d13bfa2006caa76d8ea6ce7bec29b27d19894ef8c6d3995240378df0f0a0a5

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6db2f7706a2f1378f3e08460492a9475753644e830b147549a424fa81d6b1ab5f4cefdb4de9906afb4134465bf53dfacc109bffa2d140a6a562ecf5ee255cd2e

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        cef01468dfbd153c8724d6d9b71fa7fb

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        fd2d9ca621375af113eaad9591344e7405c0a7ab

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        53ac54b23b87183d9b7964d775ca4357e7a799220b78eb0dc9fa1dbf3dc01ae8

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        94d6feb772ec7f46e88c8e15ce22daee6b8e17e774b6de05f88769576f0722a56e97cac32600219f8ead300a09b16b4d2a1e3326453e04f326065e4c6bb6c225

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        e3a01ed7fa0a7c030bf529d73224cedc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        0605bfab6eb5ff6d5fb96baa7d7d6b5647dba375

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        84ccbd44a448497749435a3e9e49a53621065a6eef60ae48f29f2f3994b07c29

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        4795248e0492b496b1ba5ca7e4da68df847a115bdfd79df251282a11e4fb61c78364a5257fe5263ff5108550495384825fc86049be1da9878f0c767558af60d7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        e8e9394c14da20c9714c630c2c9f400b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        7869c5f93251333b6f1ba13672560eb191d3c2d9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d93cccf5a779e8befcee9d8b949ead64f3593a075b5b368dc012aaaa2b4b5736

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        378ae7fea8f525b17135e234c8637d19be2222042dd88e45f106b675107cf66a38150bf49541b33d584968f67ee742842d6de0f5636a66d9115889fed39057a5

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        22430c70ef36b793a2d592830bb62ce7

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        a7993f1ea1b8b92d210c1276727b80bd7763ab23

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2c19ac301c8b951ad46f620c5608a2ad3d504e1e2d32f7cec7366b2be2338ff7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        c188b050262d1a504460744017d27bdae401ad67848360a9f1e930ede39c15332846b372b33c9a365c1f6fe0b878e78bb08f295a54f2793a5c3abe12d978bfdb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        3KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        ac91795a73e5eb69868c39a0849558ee

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        46dd21fbe014d0742bd47ccf0a03a26ede9e4e58

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        57f2ee230d9639addf1ad3650fbd73b5fc3634ea007da03520f652caf3c6e65a

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7df0a23595ea84c869f5861e5cae00ce7f40c0534d4642234977bac1262421864b1df02be773fca14bbd0245fef5dcd48591d255648c3e320227838055fc2d50

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        3KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        51496ebfe8a07bc43a6464ae03169ac6

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        47a1a2b8de8fb178bfc1d8ec28f705d7cc648d5e

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f95870907fd75cf3eab054f5ae8b3d8c3a6434dd778bbdd21143378bc761955e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8e421255f8d0ee411c4b0f1dab0599ff45d0c7b94d85ca958e84fd66144c6e23a148ff500e8accfe79711d1c953d3e4b6fca588a1ee2b8a940e08b7417c4d3b7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        7a68770b7999199e4dbf409ba3efd88a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        df26f3a16fe16226c6e018805f619dfd3ee760f4

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        7c97c7a912c9d6724dfa8ccaadd4e6fce070e441384031e1579d8e4c47503950

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        de2c2827e7ccce238a821893c47c071e788fc1f102a2e9a5d8fcad166b78b4793b6f889e30eacfaba757b25f84aad726f91c5f161e55ea7ab0a19766c4dfa2d7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        74c2c451bd47e8b3a7b9e05784004cc1

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        b92d64dd8f8174ea3827430b7a8f764abb95c54b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        301ea67a448bc2b88c8e4be7b7594c22beed117ab780c07eeb2f3a2c30829163

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3077408fb576a07bc4ac5804ece85a200843c1a9e1b799a342d552f1b1ed690139d460f01d9779cd9e1ac89026f70b194adb4c97299ff12dc0f5a79cfc42663b

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        5ce652f6f3abedc2b4c1b1cc3ab384ef

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        1e79770bde7279f121a9e8414d60796e3f73f2d8

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        80ffe06ca5146fdbb22e69147138fdea3581e10f8abc131fcf69ba6ed791ace5

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        36b4616a2fb6d3d67a25a772f5ad57375627a29a981cbc49b2a6a87e1c182ea6246d1cbe783372c23265927a537be2c2d78e64345ca59f33123105a0dff950ea

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0779a4e9e0ea4418568e66afca09f396

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        233c97a9ff040824a4a163fc05320067d266eb22

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        ac53698c82646e07b3c20e71d17a331d5820c18bfd221f951d356ce32df563a6

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        26b9a7bc5c04e6b1147417c6f3a01feaa2193f33f80a95a886a4d4a8da262beb0acdcb269fa5c2ba3f091cd1b589d8743216dcf381306854372f4b094ef12481

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        d52181dd7fa76ee9f6e4e1437c44a297

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        cb01f8ecdd449ef58e499de6367fbeaa1179f9b7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        9aa7ba91be969949692d5dd47cb0376896864d3ffa8665df5b13c963805befed

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        1a807bbea8c376599cdeb2423143d3103ef854e62d5a0241313201b3d94e5a9d6c7d392a345169a75d1e7511ddfe25be6bb9913aabae581a0f99f27a5bb701ee

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        cc82a5e1ce185f9380fd1eddbd4420fd

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4d7708462aaf968b695cf91c06f875ee9be72fb0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2c11b983eea361a2a2f4ab64a700a68233944c83489379e7fd91492f3b17ccb0

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        3f3818f6984da2d5148f80eb28161ad51c4f061c6e8b2040e32e3093ffd65647336852944218aa4954c68caa95be16030b1c1ee29aaf9770c7eb766d01d5e6ec

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        bc8ef18f0e2ee0d40e1ff7661c2e160b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        dc60b0cd0a751dce01f842c2a2002266a814e5f4

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        232fcfee87fcb299399f38986b668573e21cfe11a4c4362027b397b16d5a2107

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8e2d09726dd67828e6610e91790564758e701ba2d82cecaff18a1218ce2339a0f8152c23294e8de502cfff274d21fa735dd5063ec74c7e1e708827cd82294ae6

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        f8a003e91ead635256ece1fc7bf0f410

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2bf4ab4f585338a758dfe3c3c5c99f8202aa889b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b281b3c366aaae8b6d7b047caf821d8b3e1ec133fce78f7e6612e1c9fbe7429f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        a1d86088498a47b9836ed25ede8247449f47260b805b34b5f23449f32999b0a47476ddf62b85bacf8d08feec1443d92e47e369850674b9b17c5744608cdbcdf7

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nso8BAE.tmp\LangDLL.dll
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        d02e216c527f97b5cd320770cbe03a0d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        76a0bea3650c393341e240231cf999d11a3d8eb8

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        cda679d62e2852d900f412239e7c01a64a928db6c0cc03b8fa0c1eabdfe815c4

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        39d99ea0045e332f197f0d6430a71adaeaccd1c8e1028ad997ffa5527e5a0fe5dbdda62e02329ae1824abad43eedd64dbfb05a1e8e19010745bfe8d53e83d990

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nso8BAE.tmp\System.dll
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        24KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        62a6f7756aabaeafe2eaa8a1b19eeb99

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        24b7ec2cf0712f03911fad6b7ccf933e0879fe5b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        4c4d8324fc74a61ed5477b6602fecd1f404f524e6c17c6d7a0b682f8521a29d7

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7d30a35811f4dc5e3c4714224ac2b143d17f6a1de744db230b3a74409c6705233831e340b13d468c612b9e924cf69a62a15164e601e62609c98a46cf4ec0562f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\nso8BAE.tmp\nsDialogs.dll
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        13KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        6cac9c4cbadc065beeebe16e57279a9a

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        26bcac80ab11c56d8d9de74a85ef2314044f96ca

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f33b3bfbb97fedfe2d77ebb894c7db5c32b8905bedab6c58248108021cf96bdb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        854b505ca4d17127fafabc8e4d903e097b6e77d4adcb2873185333a7fac68d6e903b2e8f3ce0df639ec3c44feb3666489405ee74d49f512700ab86cec4bc9e44

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmp-k4a.xpi
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        932KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        3cbd8ce0bc99ca33c5025304b4f1aa1e

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        b3e5dcb7e35577e3071a0f2eba3f897edee87dcc

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        e538163118e8e9dcabd6306b8a9abb3fccb556b7d87b68e18aa0997d121ba00a

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8275da573d382741a59e9322e589f42f07f01c5adf1927016843ed57414e4da4f25a9726ab4a1c7b749fe0b5e99f7aeb22fab1b658a0a593686c2651acd50710

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        182B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b1c8aa9861b461806c9e738511edd6ae

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        182B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        63b1bb87284efe954e1c3ae390e7ee44

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        75b297779e1e2a8009276dd8df4507eb57e4e179

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        27KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        d3c82f57f6727de2a7115cb19a474513

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        237722a10bff700f99e94e9b2ab96b88de170fd7

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        80a542ecd2e74c3459f5aa2a5b3bd22d458169ce094b98bee3ab7c4a83358789

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        269cccffd0c9b7b613f7bda08e137528ad4b1d04bf2239ad2aace55698c43a427ced846bab19712110bd76617c5eaaa48a14e69ac759aca2d32bf97e6054a84f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        7a24fc3dcb04159a32a836ce638f9e6e

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        275dde89d56a8d98a97486c0b4425523f094d1e1

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        90b1d3f5a4e72872e4716b25bda96ae4520d64ad65cc77f7f6f7aee435c86f99

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        5ae71f2501c0e267c88417e28fdcfecd9753ece7250cb8ac7269b0236bf7c810d0009b71dd83ff0d705055ba2ed8107a9b6118dfde69bff740e95cb5763757d5

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        6KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        7b16ec44dd3afa35b9a91beac35ecc4d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9fe5d8e0125c23f10a21866c5cdeab36f520e5f0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c3f06abf25bafe3ea0a1fcb3b2bf965953d62ed18118d2088d7faee924539e15

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6aa39c75b86f41f40b5e61faca85a1da735c12d15decd5aaa2a0e241effe75dcaa42b664c2c623b990c84ce98babfa37ed83cf9dd447813e7d3fee6b5fc6e7fb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        698a4fb11103d164d075954772551c96

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2e7ef4fcafe8ca561711826cf341da389222dbc2

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        b3e878400513d3f1c512a9e9d1c04430f21c9d1be64c53334b4006c7e4bbb7f0

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        ebc455c64126ea5f22b25f8fddb8c26e3063965e6751f12fb06050f9475cd00730914bcd580d8a1397a4b7be470fc157b1c22abbc29545c2aeb5c16248c9fe77

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        f58bb14ccf2c5c466452602228c028ab

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        2d567e408ed6eda4ccf22f53c610555b48801e50

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        6906a0f3acc1a6dae75fb6f5f8a5ea8e306de9b88d43d1b6eade44e14c29584b

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        631ee60e2564ae6859b4ab74759612f0e55c2b33cbc2f633b49b247769709ae1f45bb542ef3bf71e1abff2cad08da05c95ea724bb019234cb9a2641e77895dbf

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        212B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        29ce37dc02c78bbe2e5284d350fae004

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        bab97d5908ea6592aef6b46cee1ded6f34693fa2

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        184KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        dcbe17435b030d1292315cdbc7b9786b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        5c48f26d27fa3d9c73640d8b0c2b5ff2bb42a28e

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        5417f542b8f25b75ef17554b7ee79d2b290559cb306bb4fab65a38d9e2038431

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        ffcd120ca883a3fd1c30f5b6e1fa5996bb73551407dca7732ad94fbf0744115d365281d4464345ab56e101d91eeb6683f6a18ba57a2c0906254b5ad46742478a

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-certs
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        20KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        37a27eb02828a90626b7d70c35eec048

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        e1141bdca4266ee4cbf0f1f4479d420de30356c5

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        5ea3123e560fb10d9c5937cb118ab0dcc1038a61582d91f1858ec417d0a640fa

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        182135c4336d262fa15fdfdaa8204ba91ed3e3637b5bccd0d626dea01328688d7ba35520ff4c243dda2dbbc5a6aab7f9836aa1ef57953d49895176c84207a2ef

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2.6MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        ca3b6b4aef05803c5a1be8137f50d3cc

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        96e8d4892272ad01232bf7ec8fde6df4b2cd7f37

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        1fba4fb6ce2db3b783a1783dac61f0577a56da226b2475ba6f7abee41a574dfb

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        6ed0ef80b3e63b49ec603fbf00b09a922c897c5c34bc8ec1c54fb22e092e8d7e818c8a76cec7b0ae27dbe263c6b6e5ebd8d9293fba8b5e72e69dcbdcf411b9a3

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        5.7MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        a7c3e24b9ecc2574c4c381b71b7addcf

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        080a24ba3aeee96f811a44e9ff7fc97a6ad06fec

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        487af0b0e118198d80bda4a05dccffbd2b92ef253cc2da4c3fe8203d1b920171

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8303a6114141165aa32640acb00e435200564f5457ef10b5707e4902676dbee1e64366582be39b666774708f3090b61ef277c218aca0268c9a5eb9cc11e188c3

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        42B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        70b1d09d91bc834e84a48a259f7c1ee9

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        592ddaec59f760c0afe677ad3001f4b1a85bb3c0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.8MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        48df39f022d853929c0df59630a45ede

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        fed259e241d064c9141e2b70d075922de410e428

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        52b3be893f46a3fb2e0668a5e548a2e04501073824f59313b0f9d4265be684fd

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        7251c08a8e2375c5437060ed52ac3d57c94a9f14d08ae7c6af40a2a5a327a83470cd66dca0263910a0875fcc2acb7100ef4d3a3577034b5553636f0d551c5ee8

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.4MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        dc623edf731063dc825836006dcefdf9

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        846ac453e16d69fa75cc260df67b31c1aafabdfb

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        f36e7753915836440df27721789828217eecaa0f9d8d3eb0d14a05db28d55d77

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8f0c6c038e0603ab7db63a3e1a8f0c62d291b70398e1559f85d5418ec2def039877067c63a10787faa8f680624403edc5515dd9b87eb2d9258888fc77d6ded6f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        2.5MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b44887d937a99c7f61e3dabfd3655772

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        7ad09d9029b6c50dcd5d6ee4901e7aaf2b7fe396

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        e011f0ebcd5cffbc9040a17896d02f41a0f56d2f3b6a51ec50a48d97393f88e8

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        e23fd3c56fb2544535e28e50d23cf95224e35f5e632be7265de4a3a232eae53d79ecc628c2d73fd028f5fff8d140b37fd87a017b3047a5443d5974cd02af5199

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        829B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        c9a5187b0eafddd67f9f710ca8132c05

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        46b9e584376e7fb2dc1f53799e2254b6ee136405

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0b27bd499251fb0b5f8789ef455c5a842771603b5606151c0f019fd186eeab5d

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2708b7a0b1e67b6eedb2d1b121749c6da9093a65d8fa1ac69c4c3dcb601c692a97ffa9ad1088390b64dedda38e6a88d8684057abfb5ad2cabf8f4b88cc7e39ae

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        100KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        8710ea46c2db18965a3f13c5fb7c5be8

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        24978c79b5b4b3796adceffe06a3a39b33dda41d

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Ransomware.Locky.zip
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        125KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        b265305541dce2a140da7802442fbac4

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        63d0b780954a2bc96b3a77d9a2b3369d865bf1fd

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 301428.crdownload
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.4MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        63210f8f1dde6c40a7f3643ccf0ff313

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        57edd72391d710d71bead504d44389d0462ccec9

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 453072.crdownload:SmartScreen
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        7B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        4047530ecbc0170039e76fe1657bdb01

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 668924.crdownload
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        877B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        cd480b40656a01015f5c7e16832d3384

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        c446c9cb3a534d9ea432916bbd04b466a07d4521

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        c2863c67203376c14e8f2c64e16f65185d2f1272c75fe9d6b43f301ad1181d64

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        0504e98fbb276374b9c3aa8edab36154b412934269d1cda99e8b0742c0f1071326cc3ad5e08e51446421dcedcce362ef6d51e22461a4267ed92f3abba0e87576

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 928314.crdownload
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        338KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        04fb36199787f2e3e2135611a38321eb

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        65559245709fe98052eb284577f1fd61c01ad20d

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 969942.crdownload
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        15.9MB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0f743287c9911b4b1c726c7c7edcaf7d

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        9760579e73095455fcbaddfe1e7e98a2bb28bfe0

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 982667.crdownload
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        48KB

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        ab3e43a60f47a98962d50f2da0507df7

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        4177228a54c15ac42855e87854d4cd9a1722fe39

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\install.bat:Zone.Identifier
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        55B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        0f98a5550abe0fb880568b1480c96a1c

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.5.2.exe:Zone.Identifier
                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        26B

                                                                                                                                                                                                        MD5

                                                                                                                                                                                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                      • memory/552-4901-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4864-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-5008-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4863-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4917-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4898-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4938-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4888-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4866-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4865-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/552-4966-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/1204-1293-0x000001975E1A0000-0x000001975E1B0000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        64KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/1204-1372-0x0000019763B40000-0x0000019763B50000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        64KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/1824-4729-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        56KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/1824-4698-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        56KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/2828-1274-0x00007FFAC73C0000-0x00007FFAC73C1000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/2828-1273-0x00007FFAC6FD0000-0x00007FFAC6FD1000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        4KB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/5372-5032-0x000001DDBE670000-0x000001DDBF664000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        16.0MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/5372-5042-0x000001DDD9C30000-0x000001DDDB1BE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        21.6MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/5584-4900-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/5584-4915-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download

                                                                                                                                                                                                      • memory/5584-4899-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                        1.9MB

                                                                                                                                                                                                        Download