Resubmissions

03-12-2024 21:44

241203-1lfvba1ncp 6

19-10-2024 22:38

241019-2kv4aavgnm 3

19-08-2024 01:19

240819-bpr93szapm 3

19-08-2024 00:51

240819-a7mlwavcqg 10

19-08-2024 00:48

240819-a5824avcka 6

19-08-2024 00:44

240819-a3nndavara 10

19-08-2024 00:41

240819-a12gfsvaja 7

19-08-2024 00:39

240819-azr7dsthlh 8

19-08-2024 00:02

240819-abjkcasema 6

19-08-2024 00:00

240819-aas3dswaqk 1

Analysis

  • max time kernel
    1762s
  • max time network
    1796s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-08-2024 00:51

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 12 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 28 IoCs
  • Loads dropped DLL 21 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 14 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • NTFS ADS 11 IoCs
  • Suspicious behavior: AddClipboardFormatListener 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa8,0x10c,0x7fff5cf63cb8,0x7fff5cf63cc8,0x7fff5cf63cd8
      2⤵
        PID:2064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:1832
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2532
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
          2⤵
            PID:3748
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:220
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:4364
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2152
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4916
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                2⤵
                  PID:584
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                  2⤵
                    PID:2440
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                    2⤵
                      PID:4324
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                      2⤵
                        PID:332
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                        2⤵
                          PID:2188
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                          2⤵
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2216
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                          2⤵
                            PID:4348
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
                            2⤵
                              PID:1512
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
                              2⤵
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5048
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
                              2⤵
                                PID:3068
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                2⤵
                                  PID:4880
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=1816 /prefetch:6
                                  2⤵
                                    PID:2156
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                                    2⤵
                                      PID:1612
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
                                      2⤵
                                      • NTFS ADS
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1620
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3304 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:224
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                      2⤵
                                        PID:1072
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                                        2⤵
                                          PID:5112
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
                                          2⤵
                                            PID:1368
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
                                            2⤵
                                              PID:2752
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
                                              2⤵
                                              • NTFS ADS
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:1700
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
                                              2⤵
                                                PID:1084
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
                                                2⤵
                                                • NTFS ADS
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2588
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                                                2⤵
                                                  PID:3712
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3488
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
                                                  2⤵
                                                    PID:3024
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
                                                    2⤵
                                                    • NTFS ADS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4636
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
                                                    2⤵
                                                      PID:1736
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5129699551371154355,1757231462484011478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
                                                      2⤵
                                                      • NTFS ADS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3644
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4480
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:3348
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:280
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4128
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:3512
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:4860
                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_Deskbottom.zip\[email protected]
                                                          "C:\Users\Admin\AppData\Local\Temp\Temp1_Deskbottom.zip\[email protected]"
                                                          1⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2328
                                                        • C:\Windows\system32\taskmgr.exe
                                                          "C:\Windows\system32\taskmgr.exe" /0
                                                          1⤵
                                                          • Checks SCSI registry key(s)
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:1876
                                                        • C:\Windows\system32\werfault.exe
                                                          werfault.exe /h /shared Global\f09724def3dd47aaaf4535fac85f1e6c /t 3344 /p 3340
                                                          1⤵
                                                            PID:3592
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                            • Boot or Logon Autostart Execution: Active Setup
                                                            • Enumerates connected drives
                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                            • Checks SCSI registry key(s)
                                                            • Modifies Internet Explorer settings
                                                            • Modifies registry class
                                                            • NTFS ADS
                                                            • Suspicious behavior: AddClipboardFormatListener
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            • Suspicious use of SendNotifyMessage
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2656
                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]
                                                              "C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Adds Run key to start application
                                                              • Drops file in Windows directory
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:4844
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                PID:2752
                                                                • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4000
                                                                • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:3288
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:2276
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:124
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3092
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:3708
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4556
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:5028
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:4092
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4248
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3196
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:1600
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4124
                                                            • C:\Windows\system32\taskmgr.exe
                                                              "C:\Windows\system32\taskmgr.exe" /0
                                                              2⤵
                                                              • Checks SCSI registry key(s)
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2124
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:1892
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3448
                                                            • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
                                                              "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:4160
                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
                                                                "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:1000
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                              2⤵
                                                              • Enumerates system info in registry
                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                              PID:1608
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5cf63cb8,0x7fff5cf63cc8,0x7fff5cf63cd8
                                                                3⤵
                                                                  PID:3776
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1800 /prefetch:2
                                                                  3⤵
                                                                    PID:5052
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
                                                                    3⤵
                                                                      PID:3716
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
                                                                      3⤵
                                                                        PID:1632
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                                                                        3⤵
                                                                          PID:3656
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
                                                                          3⤵
                                                                            PID:804
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                                                                            3⤵
                                                                              PID:448
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                                                                              3⤵
                                                                                PID:3460
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
                                                                                3⤵
                                                                                  PID:2876
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                                                                  3⤵
                                                                                    PID:5020
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                                                                                    3⤵
                                                                                      PID:4388
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                                                                                      3⤵
                                                                                        PID:3004
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,3677632648188477476,7797611409836052579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                                                                        3⤵
                                                                                          PID:3528
                                                                                      • C:\Windows\system32\taskmgr.exe
                                                                                        "C:\Windows\system32\taskmgr.exe" /0
                                                                                        2⤵
                                                                                        • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        PID:4612
                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\New Microsoft Word Document.docx" /o ""
                                                                                        2⤵
                                                                                        • Checks processor information in registry
                                                                                        • Enumerates system info in registry
                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1092
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                        2⤵
                                                                                        • Enumerates system info in registry
                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                        PID:3628
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5cf63cb8,0x7fff5cf63cc8,0x7fff5cf63cd8
                                                                                          3⤵
                                                                                            PID:3600
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
                                                                                            3⤵
                                                                                              PID:5048
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
                                                                                              3⤵
                                                                                                PID:4764
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
                                                                                                3⤵
                                                                                                  PID:2152
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                                                                                                  3⤵
                                                                                                    PID:4528
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                                                                                                    3⤵
                                                                                                      PID:892
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
                                                                                                      3⤵
                                                                                                        PID:4804
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
                                                                                                        3⤵
                                                                                                          PID:2072
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                                                                                          3⤵
                                                                                                            PID:4336
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:8
                                                                                                            3⤵
                                                                                                              PID:5052
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                                                                                              3⤵
                                                                                                                PID:2696
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
                                                                                                                3⤵
                                                                                                                  PID:3056
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                                                                                                                  3⤵
                                                                                                                    PID:2360
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
                                                                                                                    3⤵
                                                                                                                      PID:2644
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                                                                                                                      3⤵
                                                                                                                        PID:2532
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                                                                                                                        3⤵
                                                                                                                          PID:4424
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,17804769724565616922,17256894829146920676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6072 /prefetch:2
                                                                                                                          3⤵
                                                                                                                            PID:4532
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:1716
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:2020
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_Walliant.zip\ska2pwej.aeh.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Temp1_Walliant.zip\ska2pwej.aeh.exe"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:492
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\is-VUO4K.tmp\ska2pwej.aeh.tmp
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\is-VUO4K.tmp\ska2pwej.aeh.tmp" /SL5="$100212,4511977,830464,C:\Users\Admin\AppData\Local\Temp\Temp1_Walliant.zip\ska2pwej.aeh.exe"
                                                                                                                            3⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Adds Run key to start application
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:2452
                                                                                                                            • C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe"
                                                                                                                              4⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • Modifies system certificate store
                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                              PID:2036
                                                                                                                        • C:\Windows\system32\taskmgr.exe
                                                                                                                          "C:\Windows\system32\taskmgr.exe" /0
                                                                                                                          2⤵
                                                                                                                          • Checks SCSI registry key(s)
                                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                          PID:2512
                                                                                                                        • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
                                                                                                                          "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:1968
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe" end
                                                                                                                            3⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:4336
                                                                                                                        • C:\Users\Admin\AppData\Local\Programs\Walliant\unins000.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Programs\Walliant\unins000.exe"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:2184
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Programs\Walliant\unins000.exe" /FIRSTPHASEWND=$703D6
                                                                                                                            3⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:3956
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              "C:\Windows\system32\cmd.exe" /C "taskkill /F /T /IM walliant.exe
                                                                                                                              4⤵
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:5056
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /F /T /IM walliant.exe
                                                                                                                                5⤵
                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                • Kills process with taskkill
                                                                                                                                PID:4408
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:8
                                                                                                                      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                                                                        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                                                                        1⤵
                                                                                                                        • Enumerates system info in registry
                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                        • Modifies registry class
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:1068
                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:3880
                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:3896
                                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                            1⤵
                                                                                                                              PID:260
                                                                                                                            • C:\Windows\system32\werfault.exe
                                                                                                                              werfault.exe /h /shared Global\be5e0944b2774d14ac6c2bc22a076726 /t 5024 /p 2276
                                                                                                                              1⤵
                                                                                                                                PID:2452
                                                                                                                              • C:\Windows\system32\werfault.exe
                                                                                                                                werfault.exe /h /shared Global\42884709bf6a488ebdb02180b2718d62 /t 1964 /p 4160
                                                                                                                                1⤵
                                                                                                                                  PID:4452
                                                                                                                                • C:\Windows\system32\werfault.exe
                                                                                                                                  werfault.exe /h /shared Global\1726ee83920b46de9619433a63f7c2e5 /t 3800 /p 1600
                                                                                                                                  1⤵
                                                                                                                                    PID:3436
                                                                                                                                  • C:\Windows\system32\werfault.exe
                                                                                                                                    werfault.exe /h /shared Global\7c8239d260284a46a21e364299d415d2 /t 3480 /p 3708
                                                                                                                                    1⤵
                                                                                                                                      PID:4176
                                                                                                                                    • C:\Windows\system32\werfault.exe
                                                                                                                                      werfault.exe /h /shared Global\356c880cfcb644ae979c2f210afb27b6 /t 3772 /p 2752
                                                                                                                                      1⤵
                                                                                                                                        PID:3044
                                                                                                                                      • C:\Windows\system32\werfault.exe
                                                                                                                                        werfault.exe /h /shared Global\6c76530d9b29429090c720652bf73b59 /t 880 /p 1892
                                                                                                                                        1⤵
                                                                                                                                          PID:3216
                                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                          1⤵
                                                                                                                                            PID:888
                                                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                            1⤵
                                                                                                                                              PID:3896
                                                                                                                                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                                              1⤵
                                                                                                                                                PID:4000

                                                                                                                                              Network

                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                              Replay Monitor

                                                                                                                                              Loading Replay Monitor...

                                                                                                                                              Downloads

                                                                                                                                              • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                                MD5

                                                                                                                                                9e466b4837d8431be725d6b9c1b4d9ef

                                                                                                                                                SHA1

                                                                                                                                                3f247b7c89985a41d839cad351cd0fc182fcb284

                                                                                                                                                SHA256

                                                                                                                                                2f9a5eeb5ac8cec52a3e73621e4d392f501f5d657dfec3215ccd40eec317208d

                                                                                                                                                SHA512

                                                                                                                                                01de0fda555d63b5c38339b0f6d38c28de2a882643439679e63cf5d75f13516b57dc90e8dfb8c638bda328fc12342e58d1e501acec8f85b92dbd5589dac06418

                                                                                                                                              • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                                                                                                Filesize

                                                                                                                                                4B

                                                                                                                                                MD5

                                                                                                                                                f49655f856acb8884cc0ace29216f511

                                                                                                                                                SHA1

                                                                                                                                                cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                                                SHA256

                                                                                                                                                7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                                                SHA512

                                                                                                                                                599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                Filesize

                                                                                                                                                152B

                                                                                                                                                MD5

                                                                                                                                                9828ffacf3deee7f4c1300366ec22fab

                                                                                                                                                SHA1

                                                                                                                                                9aff54b57502b0fc2be1b0b4b3380256fb785602

                                                                                                                                                SHA256

                                                                                                                                                a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

                                                                                                                                                SHA512

                                                                                                                                                2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                Filesize

                                                                                                                                                152B

                                                                                                                                                MD5

                                                                                                                                                33283e35e23033332d4a139e2f65d375

                                                                                                                                                SHA1

                                                                                                                                                15329faa7f816fbbdf558ec9bb7d47d09f0e72e1

                                                                                                                                                SHA256

                                                                                                                                                49d57921366b017b08bc13942d5d3f0f146167cae92058fd13289b8df1cddfc4

                                                                                                                                                SHA512

                                                                                                                                                36b620c0813445358143c54bb06da8dd933b8e61104fb34cb9b5f03a6c9133a195e4fca6ade1b79ed93c62fb3439f4fd5df40bae8e9aa4c8fde72e17a03079c6

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                Filesize

                                                                                                                                                152B

                                                                                                                                                MD5

                                                                                                                                                cc2429a9fdf1ff1b068b456a6f9edb5a

                                                                                                                                                SHA1

                                                                                                                                                ccd3f60cc81c69bc5edad4d618e10e601d492802

                                                                                                                                                SHA256

                                                                                                                                                89b660e0941a7b9f25b7be9bd3e77d35b2121f6d0b940d46851b8ebc5918826e

                                                                                                                                                SHA512

                                                                                                                                                8ad8c90e98833f9bab7efda39f0e3c343fbd36aba8c54c53a722e88ab8c79a6b12971171ee42332552b107e84bcac1342d609b389f8d34d06264b2a73015a9ae

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                Filesize

                                                                                                                                                152B

                                                                                                                                                MD5

                                                                                                                                                5840c56c567c79be6cc464545e5dec3f

                                                                                                                                                SHA1

                                                                                                                                                a4b568d56c1cfd6ca48104a013ecb09ab40008da

                                                                                                                                                SHA256

                                                                                                                                                a748de7dadb84bfc2bf38509f1cc01cd561b2d520eb3adc5859707644b8c615f

                                                                                                                                                SHA512

                                                                                                                                                77e2a54845d4480dece6ffe1aca4f5d9dbb2bf9df2f8695b42b9ef43ad9a7e47ab0476c30cac67f622786a64ecd7bf8085635c4b9195d61ee91d07e1032f18c3

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                Filesize

                                                                                                                                                152B

                                                                                                                                                MD5

                                                                                                                                                6fdbe80e9fe20761b59e8f32398f4b14

                                                                                                                                                SHA1

                                                                                                                                                049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

                                                                                                                                                SHA256

                                                                                                                                                b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

                                                                                                                                                SHA512

                                                                                                                                                cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b2a8b21-af02-4a66-abea-04a3ca3050be.tmp

                                                                                                                                                Filesize

                                                                                                                                                1B

                                                                                                                                                MD5

                                                                                                                                                5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                SHA1

                                                                                                                                                3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                SHA256

                                                                                                                                                cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                SHA512

                                                                                                                                                0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                Filesize

                                                                                                                                                2KB

                                                                                                                                                MD5

                                                                                                                                                5da530d45a70ae07b207e43f19c07348

                                                                                                                                                SHA1

                                                                                                                                                8838ad0e5d163b3c2153e28e83b0d37907d89a69

                                                                                                                                                SHA256

                                                                                                                                                a89e2018bbd3502a179477b6e2c8ed47d3d04fdb0d31089851454c8e2bf34f05

                                                                                                                                                SHA512

                                                                                                                                                aef0239116bb67e59d94ba197ca69deabf08b2588f33c19281808a885ae69202cbe8fc87c88a7b4cd1a6b22fe337b878a02e3b60a9d7817f2f5be271c62c1a7d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                Filesize

                                                                                                                                                2KB

                                                                                                                                                MD5

                                                                                                                                                988a3a6b12ef07042d67d74269427300

                                                                                                                                                SHA1

                                                                                                                                                4dd8abf8bdfdc2e48fd4426141f012254e8a4a9f

                                                                                                                                                SHA256

                                                                                                                                                a68d3ca647390c0505db0fcc57467c6f5a0f6108e3c145ec61ef951a73b79d85

                                                                                                                                                SHA512

                                                                                                                                                d11a8de9667018d639e5ff39859de57fde4a96d4797f35f425fcf1f0eb39e07150c4c348ad9cf25d4cf0a18160576c3a7a46b21e25cffc3502644478d25d6c72

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                Filesize

                                                                                                                                                2KB

                                                                                                                                                MD5

                                                                                                                                                89ba1adb09a21ce02c56214dd298385c

                                                                                                                                                SHA1

                                                                                                                                                23a3f586518d7b5c86f80d810f3dcf72dc06f4eb

                                                                                                                                                SHA256

                                                                                                                                                305dd0c6d77566cf7e124d42f1b29f12b59ffac42dee43311dded9953a550aa4

                                                                                                                                                SHA512

                                                                                                                                                e60d227ca018462d17c1fde010d390122b55eaf714c44c7f395a90f6910d6ad07a9aa47ebd82d66587c2fa1444626c1b1d91ba6813b87396f147dc10c8e5db11

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                                                                                                Filesize

                                                                                                                                                264KB

                                                                                                                                                MD5

                                                                                                                                                e5a3e7e4eed5639db2e2f3e33a8ec806

                                                                                                                                                SHA1

                                                                                                                                                fab155367bc845bec097b48d50bd856ca8665343

                                                                                                                                                SHA256

                                                                                                                                                c58e1f38669fe8ad6deeaf3e9aad7033f8d5c6c21e34b408441e8902234a3ca9

                                                                                                                                                SHA512

                                                                                                                                                8a4458eeaace3c749991e29366546a62822e2446ac4f84be11430c6809f3fc7a349240cf08114181cad2bae10787b24696f4ebd6efeb356a02c1a6ab064f9771

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                739B

                                                                                                                                                MD5

                                                                                                                                                50691dd47cd1a25c517a1a8f148e47e9

                                                                                                                                                SHA1

                                                                                                                                                84d0cbd72f26171a89fcb98a648e31cc741e59d0

                                                                                                                                                SHA256

                                                                                                                                                bbdda216562894ec8f27b9dee361ce48730d72515553853fd2c5b243daadefa4

                                                                                                                                                SHA512

                                                                                                                                                43bb77214f696630ba4227c8c321abf423ce15e4578ffc0aa9b9e3adf043030feb9b246611ef778bc364430167254dc81a5ca401552487adc73ea6a440000608

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                739B

                                                                                                                                                MD5

                                                                                                                                                e94ff2aa5416a64d7f6cf099310105e9

                                                                                                                                                SHA1

                                                                                                                                                dd12ebfb87e7ffc0ba6823d00c063e4caa4d1d51

                                                                                                                                                SHA256

                                                                                                                                                27d0b0f1618c95dd17b6e0f72048dc29f9b9433490c4be6e246333a91c89fb84

                                                                                                                                                SHA512

                                                                                                                                                72c56e4473ab9655d3d5693e1258ac77ba5346996cca5625e8400c2175053c095f3b48e2f4c90556d88a387fe9ecc75381b78a9ae234805714dcf00cf4ead7d4

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                739B

                                                                                                                                                MD5

                                                                                                                                                19fa6bbfbcb0911679a52c80611c02a4

                                                                                                                                                SHA1

                                                                                                                                                69f6ed3c4a2bed160c920b02d277f6da8f7d9ff1

                                                                                                                                                SHA256

                                                                                                                                                3dbf65feac59a07f5c4aaad5cb2bf53e9799d5775af2892fb1f2167952f6c9bf

                                                                                                                                                SHA512

                                                                                                                                                7037468bc5e57e0fa3cf9f8d6dcb0496f2007a15ce5c9a1183196c288216d8674de44e7a923219d9b010c14512a5d9edd3c4cfa52192fcbfe4dcb4875b6d104f

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                111B

                                                                                                                                                MD5

                                                                                                                                                807419ca9a4734feaf8d8563a003b048

                                                                                                                                                SHA1

                                                                                                                                                a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                                                                                SHA256

                                                                                                                                                aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                                                                                SHA512

                                                                                                                                                f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                669B

                                                                                                                                                MD5

                                                                                                                                                366d1c10cf5779f3891b958ffdca1987

                                                                                                                                                SHA1

                                                                                                                                                0b7fc789001f2e8f1331c454c6d410a938ce25a6

                                                                                                                                                SHA256

                                                                                                                                                60ce7406639e9dcaaddd36da1fc83be7ebeb2175ae6a7f65e50fb92f18f318b9

                                                                                                                                                SHA512

                                                                                                                                                b338fd68a83e99544eca6eff460398ac545368e2d276752d85360f06fe8e4c505884a424923bf1c0a6c02384ab3997964c85c5ed5e2a9bc1210c207091f7c7aa

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                739B

                                                                                                                                                MD5

                                                                                                                                                a481a0746eaa255f00707ac1936455b5

                                                                                                                                                SHA1

                                                                                                                                                1be24b612659e1ebd3cda9e1a4e877ed71f14f51

                                                                                                                                                SHA256

                                                                                                                                                7a50c6a6698968cc5a5d5b1aafefb7d4747003635a321d0fcac580ee6cbd20c9

                                                                                                                                                SHA512

                                                                                                                                                8e5ccdcff01eda09c33d5d57013bc7f428a62c3c2157e3f2d7a3d1ee98d248f6e8a91d049da157c1581d260418bef579e95e019ca7b5404dfdc311636bc65996

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                739B

                                                                                                                                                MD5

                                                                                                                                                7849d2108262d251fe6bd64d6be210b9

                                                                                                                                                SHA1

                                                                                                                                                191810d50988ba6b9e42e8f59252b89b2086f9cd

                                                                                                                                                SHA256

                                                                                                                                                7d5fb7d8fd0bf40da948e007a597518cceb5e33b109b3893127cf16cd90812a1

                                                                                                                                                SHA512

                                                                                                                                                de1434c5f369817e6d16cdd19476482afc39a8cf97921b82491e2b11638ad0026bd24233773bde6e59d041192ae224a5c1265a34ae9f473987bc97453286b25b

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                Filesize

                                                                                                                                                669B

                                                                                                                                                MD5

                                                                                                                                                3e82e31df16c611906eb4fafbb7f8c9e

                                                                                                                                                SHA1

                                                                                                                                                146f48b1cc3e631182421f04f908621d03b844cb

                                                                                                                                                SHA256

                                                                                                                                                22f0b47ccdaa357d282b24e0e04a5c9fde5a0db67def1ea54e45cf8eef3dd28f

                                                                                                                                                SHA512

                                                                                                                                                60930397fc358a712430e75e26caafdaf187d5a933924a4f20d6e04f5e915fe7ce61abd38ad72da72df2e8c9693e00c5d3aa4f1c5db60a7a26fe40698d12fc64

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                5KB

                                                                                                                                                MD5

                                                                                                                                                80226212058910ea751203040a8d375f

                                                                                                                                                SHA1

                                                                                                                                                707647f2a85394eec8e9a3e0d1e0ce6db6873233

                                                                                                                                                SHA256

                                                                                                                                                e0c88805d3e47b00dba73291a74ff3da37e7a0f4fbaf47494b796eec7fe3ad9a

                                                                                                                                                SHA512

                                                                                                                                                35d3e6f65b8b07d064f251a4370a87427604e96356e3fc0644207725e50e7771d0d28f87dea47394c9b9200d3ae07a147f5389329ee8cfced185173449d8d950

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                c11384d31c1a5caddd0bf61ee92ba0a6

                                                                                                                                                SHA1

                                                                                                                                                c165afcea728e7feea62252c26abbd7b66a66218

                                                                                                                                                SHA256

                                                                                                                                                4778b555c772c10ff64e8f679e77eca36781e163b43a8a327cc275be65df4b59

                                                                                                                                                SHA512

                                                                                                                                                cc2b8085dc7be9a2b515fd36e5fbd21af45520ab6518aeb47e6c113bf627e46a32538a5bf8505e35eb77afe812809fa2d0825c52dd238a8657e40c56cd0f4e54

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                7109a542d0a713664a39a82c899e9142

                                                                                                                                                SHA1

                                                                                                                                                a5a6e9ae58ef75b0cb25078a3531b5061902d473

                                                                                                                                                SHA256

                                                                                                                                                7ec2553922ce7d0aaf35670c985e24089fd5db6fbb9e9a58829a3c90874008e0

                                                                                                                                                SHA512

                                                                                                                                                db0c1fc3e405439c13409a4c905a4bbec7896d9f87b6c2e25b593a48ca47bf8d1e4833b024a8478882b85cf2fbee375cb2b005a70ab08a5d04207e2893eb121d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                c88b6ac8c91c3009e9f75e153c112642

                                                                                                                                                SHA1

                                                                                                                                                be120c33aff1b503b6ed3016a0642549a550f62e

                                                                                                                                                SHA256

                                                                                                                                                2e2651767d9fe13aad47d673d85ac0c080cb69f670340c0a81eb0bdb989593e5

                                                                                                                                                SHA512

                                                                                                                                                6a50253c1df1c8f40eca1afa1d9c18bd3fa8b26beba21cc2f164de90b0b47b1755420331a13188730e9a7742327f6136f028a07b929bfe352f30ee6c4c6954cf

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                7473b07e8feb2632fdc471432a092d15

                                                                                                                                                SHA1

                                                                                                                                                477aa00fec12f17621c5d8b02188d7379a0bc08a

                                                                                                                                                SHA256

                                                                                                                                                74a1cb4fc26ecc29c8b281fde29f4177bc111f9d7cc686a802c696f1cb82fb5b

                                                                                                                                                SHA512

                                                                                                                                                0eae2375adf0c8ea5fa9a216f86a70761c87245de85a3dbbd2131199e3f03a493cdf765c4da58ce9ccee31a846014299ab151b88da32e9cdf39cdf97b7f1dc0c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                4d56954f9ae7ba304fe306134aec6866

                                                                                                                                                SHA1

                                                                                                                                                b1da285bff57a4f561568ed672015dccb12d048f

                                                                                                                                                SHA256

                                                                                                                                                5c4e99cbfae1ef80967171061b6a17ac9c5a4602c395de06640a76aa284cb521

                                                                                                                                                SHA512

                                                                                                                                                9d26345c803b35da5f1efb319513f305fc57369078ef29a9219a8d764f8673d88464a2c4e601670c4f27f5ee2aded4dd186dd07415abaf338fa3fd9199aeac01

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                746a87f37e8184e134fdef7a02683025

                                                                                                                                                SHA1

                                                                                                                                                81058ec1a0f291efe4212a47a2438922b62538b5

                                                                                                                                                SHA256

                                                                                                                                                30cbad6da335fc5a69aec1facaaace80e5a1b00c12b13572464a2f0c6f1bf30b

                                                                                                                                                SHA512

                                                                                                                                                e1e7792b26fbd97360f594cf5492f77a6f13461357255fae164f859d70dc6b62da6bc90c4de73ef3192d0c36fe6ae9176a637e7ebf68d86992bcc71e8e59bdd1

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                737f413ee8d7acad54644ade5b40cf96

                                                                                                                                                SHA1

                                                                                                                                                53bb160a3cd9f60169886887504089cbf4e831f2

                                                                                                                                                SHA256

                                                                                                                                                4ce5b11abcd3e1dcf23ee48189d66ae942bb8964b5758b612e992a51a22af221

                                                                                                                                                SHA512

                                                                                                                                                7e88dab6ff1d5ba3543d421270737369c9e45381cf235dbaa10b09db7774c3968f50634e0ef16fc98015fdaacf481002a91e8c4de8441a9172660fab817713ac

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                fed717655dc813a902659439c248a57a

                                                                                                                                                SHA1

                                                                                                                                                b0b9a7976b8ab94dfd28a23924f570875abc9b5f

                                                                                                                                                SHA256

                                                                                                                                                25304747af32db675657b16b1b62c694365ada4b12048c46bded10a837f8fb9f

                                                                                                                                                SHA512

                                                                                                                                                57fe81a260ab377a2a723dcc30fbd8639f22fec5e187c629340c9b58dc0fcba9d412d022a7b872669fe3791d968360c8018f469e2d31e7aa7f9cc483f8dc044a

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                3f5100860e3cecd61c56b1835cda8eee

                                                                                                                                                SHA1

                                                                                                                                                78031a8c784cd38a2806fde0af53ad4afa2cc959

                                                                                                                                                SHA256

                                                                                                                                                5eea51430c7eff9a09dcf20b271119e3e896ccebd18a27172ccf41b7155fb313

                                                                                                                                                SHA512

                                                                                                                                                09a0bd739c7b11e0c6d398a2cf09ff90d81ef850413b60c7c7f999a0333631ad3ebba02247b52a312d55927cb29556f11cf3bc049d8cb6e78e9188c98558b3bb

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                2804fd15bc657b67861bc94104a55812

                                                                                                                                                SHA1

                                                                                                                                                09ec79a9c7d35a4f7c2b7ad86ed4361de3897e5d

                                                                                                                                                SHA256

                                                                                                                                                05a86b5e3ce2eb86812a87f7ca45448e1ff8d725f37f70f2eee8869b4b61b01d

                                                                                                                                                SHA512

                                                                                                                                                a8ae5948f1708a79fc8cb392aa52d5d6747d987d07735e4ed53bd67eb6a805d15ee382ef9cf72dd52c7c443adab0a5dbd0bebf24606db2ca9410efe9379d5ce5

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                f1d5993620a7fcdf07feb034fbeb4594

                                                                                                                                                SHA1

                                                                                                                                                18bf57981e058fd83acb96f7dd010796f589022f

                                                                                                                                                SHA256

                                                                                                                                                1afd6fce2d49c6c8470bd6e49fbe969b92b21a013f13321238f0a6e2cca91596

                                                                                                                                                SHA512

                                                                                                                                                d4865ad9f773a7e03ec36fbc40c9ddfeadc45f171837048ea59f6124f62265a894b4fd6b0993e8f71337b8bf84f05db0505050c4ecdaf8a92f222a7a9a0d8319

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                7c4634ec102d59741c80a75f6266f506

                                                                                                                                                SHA1

                                                                                                                                                5bc1a693155b456df7b6e10990ff8c43999c919b

                                                                                                                                                SHA256

                                                                                                                                                e18b6f692f225cd14f035f6d111175af777bc4358e74386a0f81e02f026ae58c

                                                                                                                                                SHA512

                                                                                                                                                0631fc8bdcee8d1e6785dc7fd6cc609ef451f1009e9f9004b89b98ab2c9ce4354a8684c2a00f8ccea6518e39b04a3f1e46fd011e4d05d50929c7fc7387fdd411

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                eb2aeb7df11a62d7a0891b7337a69a3b

                                                                                                                                                SHA1

                                                                                                                                                8526e1400a20e0737c547a95e28078dd0e736013

                                                                                                                                                SHA256

                                                                                                                                                e84b73f7cded744e5ac0d669fe5090cfb31bdd143fea45435ea79e268fc31d18

                                                                                                                                                SHA512

                                                                                                                                                8ec18878b7f46f0e746ddcf81c412541e1f8cc54e1a817d6489ae8df2568bfa763aecf6b2d336c4438e8cfffe813413ba45ac6d5381a4cd757a0a2a46c1bdaf5

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                d5a5ccf3bd00f5cbd84afafc99a9d3db

                                                                                                                                                SHA1

                                                                                                                                                9f64ca398e2c7efa6a16cfff6542141754ec4877

                                                                                                                                                SHA256

                                                                                                                                                ead2b4f6de582b10bca84e6fadef15124146b614ba41979b23457571ed02ced1

                                                                                                                                                SHA512

                                                                                                                                                82000ec01b28b2fe8d27174b73180983ea45fb0fa7c4432b2321b1fa1f977ea0e26945651f83bc558551f3a6f4d0b0fb6c4cfffffbbc90fe05b6b7b858d67d78

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                b27c265ffc21e58db789237d60838716

                                                                                                                                                SHA1

                                                                                                                                                393ac39d58c2f2b3631c8036ff3e36494f252a1c

                                                                                                                                                SHA256

                                                                                                                                                59e6da9c32ff8b57c0f05163b6489163e0ecb0fccedb8cc25deafad53487e97c

                                                                                                                                                SHA512

                                                                                                                                                e61af3dc94eb09154745c121091b8bbd69199c583ad1a11f20160ada37147d818e1fc36a713f7065671db29c170452d086f0b5304c3d0bf4a4b8b3ace01a6851

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                073b40f2825c5d05faa7cce486cecf47

                                                                                                                                                SHA1

                                                                                                                                                13e90a65de01004b6e6f3afd9d334cbb3bd8be36

                                                                                                                                                SHA256

                                                                                                                                                9b68fead4ccd5e811e9b49ebba566ac0152da1ca32e2bbdcaa51ac9418c9920b

                                                                                                                                                SHA512

                                                                                                                                                2042f6bba7fc89e509a464db61128f4018e9c9af6ae031fda1ae4baae5792c55e21e2b6eb6b1493254b23fc05be0c82005a53be7fa7543d2225b62649a756184

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                Filesize

                                                                                                                                                6KB

                                                                                                                                                MD5

                                                                                                                                                0a17e0b8ac092dade95d02f774853d49

                                                                                                                                                SHA1

                                                                                                                                                d7f4cbed370e51744220a594b56e360f4925a7d0

                                                                                                                                                SHA256

                                                                                                                                                40ad170c559b111a59a63659df031e0f65bc2acdc1152671725be0315122049e

                                                                                                                                                SHA512

                                                                                                                                                7b36ecca026380b8ff7bc4c3461f5407beba9f7f30b702545018b3d34a01e4267685d068bc622676143626ba3140774d727d20068c59b73fbd670f32a32b658c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                342ea3bf09e711f8f2ebcf58cbe1c55e

                                                                                                                                                SHA1

                                                                                                                                                d9c05c0ee9b56656c949b6869db0b6ed217eca08

                                                                                                                                                SHA256

                                                                                                                                                bccfa1e35de0b919f909a69a80cbe005fc0fb4a8c586c1d87a25b8956f1bf40d

                                                                                                                                                SHA512

                                                                                                                                                bb0ea70a46d756f5cce3bf1d8771be5122b7b2eca3cd5b23edd78efbee26bcd5b45fb7d93f867e9c34f82c8a5691c4c52aee19f7d6dfc0bc049035284a7639e5

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                1c43fcd70a2ad797f88257909882d7c5

                                                                                                                                                SHA1

                                                                                                                                                28943242c3da1e4ebb44b14f61869d7f7aeef6ff

                                                                                                                                                SHA256

                                                                                                                                                50349387fca0a425f7225a6433a0605c8a76d44cd8188a7447782817ac1f250e

                                                                                                                                                SHA512

                                                                                                                                                fc29c7a47b3deded1854dd4e0d1b3bb8334aa0edb9444373a16f45cb1cc89eed07b9dd649d908a828672ea157c05bccae509fb97430c266ae64affb4e36adbf7

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                c81ae0715f041a74817148a1b958f44e

                                                                                                                                                SHA1

                                                                                                                                                c3676459c8dff84749d3d200a75a464c81ffb7f4

                                                                                                                                                SHA256

                                                                                                                                                004b1d2abcfe785fb81f192253609932a7957519e55f0f4853f2d596b3cb5028

                                                                                                                                                SHA512

                                                                                                                                                3bca02dfb1bcd53557a0e1d3c6f8b7c3069759b5478ed4b3c633ff1df28e83593b2c38a95f49eb76e1978390bfe8ea220bd5edb0bd8281650fe8efe129f8989c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                25df335233325c1712361b52fbd72787

                                                                                                                                                SHA1

                                                                                                                                                2dac3afa0c99bdbf985f80fb219add1242a8dd7e

                                                                                                                                                SHA256

                                                                                                                                                85db0fdb68ca462bcfdb64e4aa85e1b1bf6b4e3dd0b3912a729e64d72f3f90bc

                                                                                                                                                SHA512

                                                                                                                                                ebec5b72e0ca4c57d8b00bbab76caafa9d189a431b15d40d62d49fd19e2df7e4975ed7527b8f37bcb19895882077d38a2ca431b01dc0664695586f4aeb714f84

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                fef0f453811c6bb84704732c7598375f

                                                                                                                                                SHA1

                                                                                                                                                7f84c7f9e15b379108efe66879c03ed819b8c1a1

                                                                                                                                                SHA256

                                                                                                                                                4fdfb8a5c76dea1b5bff05517086558a82bf3695fa4b34ddb0225a6f7c641293

                                                                                                                                                SHA512

                                                                                                                                                0d7702f3f9f867bdb5195370aafcc12c7b5887d1a256882d13855348953719e43522f5f64447c4188ae3d385715a48404d6a07b3b918dfd978d361f7ca455b0d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                32eb0cda8b1ea0e5414a8681822d6764

                                                                                                                                                SHA1

                                                                                                                                                adaf4451519c3662c71d0f9fdd2b5a839b8f0d92

                                                                                                                                                SHA256

                                                                                                                                                27f6324afd0bbfe1d1f018602cd03aca1827d4c305c993af2eb498d384ece855

                                                                                                                                                SHA512

                                                                                                                                                dd9b8fc62a622f820e510685cb96c1f2741a7f0dbb27f0e4863ac3e6c1553595f537cae4a4c6e2935c5475e851a52c0987e60bb75621f662bbe22202769c8a1e

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                0a723d6ddb8b2ca76d5e6d6ba91dc5af

                                                                                                                                                SHA1

                                                                                                                                                423840269a5ab34acdbe09dc02b36505c1c36b30

                                                                                                                                                SHA256

                                                                                                                                                33598b1a96c9171df0ddcf882a70df206583a168b012fde441c9dd8474f73a83

                                                                                                                                                SHA512

                                                                                                                                                f3356fd1a4ce626d7e85c139cdf725202ed251210c4297bb1f2e2d54983c4ebbc2fdcdadd58f3d2f56154e5126ff00882fc814dc94dbb3e47289265ac5263a4a

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                fa16b46180fd8512365342cc4f28a653

                                                                                                                                                SHA1

                                                                                                                                                98dab3e442d92ba73e913e77c2dcfed391629046

                                                                                                                                                SHA256

                                                                                                                                                8e250e62e62fe6f6b63b733fa9b528ce6e11f2bc2bd982facdb75073b8fb876d

                                                                                                                                                SHA512

                                                                                                                                                dea384dac5688514f7f4e165cb7abb2cc70fa93337e67a3f1fc538d6211f387f0bbe09b5ccbd6f1535b97f5ecbfba9a4d428784b4113278f15a1886781ac9615

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                9521de4b63320c7c84ecf0751d1ff7b1

                                                                                                                                                SHA1

                                                                                                                                                29e10ad5d925970383ecb34d89df2f5c38026cd8

                                                                                                                                                SHA256

                                                                                                                                                7c808248da827771488fe8df5438a77e6f0bb550ff892d1ab0a2a3572949b4cc

                                                                                                                                                SHA512

                                                                                                                                                38b69a6f2b15c791e7a7bfe617af9363a91b2a396826481d5a0c0f07a2cc02690c2369f0150bc0dbd36a437eae40289c1318026091147dfd6b2af5ad7c1b7b3a

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                1428c82ff2b97680ab55d0201da6f06d

                                                                                                                                                SHA1

                                                                                                                                                decddd943788680c91a132a7c5590426c2a829b3

                                                                                                                                                SHA256

                                                                                                                                                d30558f078dc17fb83992e00b8634938c2eb84ab30aa6f364d8dd32f16bfad17

                                                                                                                                                SHA512

                                                                                                                                                4308aaa14fd98a1148f3d852265533b8f16dbd32b10e05943451790a8a4fff5f164eb6be410495745f7981a1e973811c4583b4ddb052a92b3f404a51a6591933

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                2a32466b0ee2dff7e5e2602239cd842a

                                                                                                                                                SHA1

                                                                                                                                                83e678df2df004d1eebb1f6de5b1167fd4fd02e0

                                                                                                                                                SHA256

                                                                                                                                                ff6eb1d6a18954d11183e420e67f631a1a31d1d18cf5ea7ae6dcc8c41e660cb9

                                                                                                                                                SHA512

                                                                                                                                                b24bf46c23c86fb12f9bf153d3dd329073f63873dac9d1193ec87cb8369f63934524a2c28084a4e9ee339544540ea600d3b39f44ba98045ba066e01f80af89ef

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                20818b336622051b3794d8f5e74f862e

                                                                                                                                                SHA1

                                                                                                                                                60c7d6df8359639853eef336c780f49340670cda

                                                                                                                                                SHA256

                                                                                                                                                3b19bf2149473a208c2731ea0f19ee9ee4fdeba85222f445181435044b8f8a2a

                                                                                                                                                SHA512

                                                                                                                                                373360f0071e8ca50da0897e40554c12eb93f67d7b0688f06efe192130757686b627976be73f12bd6ea61560fea8aeb67adbb1feb90808c9f1c892a1da6da71d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                7bb0e198bde1236835395bdad5e0d311

                                                                                                                                                SHA1

                                                                                                                                                8d8cbb4e162b7be3e2b5bdb0c1777a53a9544a91

                                                                                                                                                SHA256

                                                                                                                                                24ea66fd302b28149fa3f4003b02e64dcee0c9b3ae5c2387b61f985c41f33891

                                                                                                                                                SHA512

                                                                                                                                                f399872e4d1b9db74bd5ad32f43407ac8d71ad8bc2e9e858b78ae9cf6787aed0f9e03d67fd9cff332a1f89796fff07741c162e6f04d739a213b282dfc57ceb46

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                7879b94b12f502cfe66ff70136d92ca4

                                                                                                                                                SHA1

                                                                                                                                                9c316ab6d84a187cfeaf5b7970b36da6e8d369de

                                                                                                                                                SHA256

                                                                                                                                                623c8ff49b888ec5b8ee39a5404c92d30f9ee86bfc9204cda5e319218ccb1a7a

                                                                                                                                                SHA512

                                                                                                                                                29226fe8b6af819a6ceed5871c9b8a78aba9197a5504c6143f41c2ffc47af25063e54c782e7b373f5fba0c6c6310a550885d048fb8eb69d5b12f484389dbf2a1

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                98ff12584dd2db5aa23ad37e739799e4

                                                                                                                                                SHA1

                                                                                                                                                159f24681dcbcc9240a28df148031249679a5bb0

                                                                                                                                                SHA256

                                                                                                                                                b04e73de36ef8f4dcda79a61ba71349f2c18bc1280fc3dcb8d3d93a8ad7fa2c5

                                                                                                                                                SHA512

                                                                                                                                                3b0c8fed5d22c9f1b42b4ce73aabc6283f524c5c88fda36fb14bdef1fcdda6c69a92d2fdc279be40d4d3d3c6c4552141f4b547fe20b4f4f367e7eae9c27d9c8c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                c69d78033e61cd748ac856a13eb4d644

                                                                                                                                                SHA1

                                                                                                                                                ff4c9bdee506b2ab6601bc40ac0790481d98979c

                                                                                                                                                SHA256

                                                                                                                                                984597e7ddba4de2b6e2cd618072efbf1f569a7c44edd92d6a0c878796619b78

                                                                                                                                                SHA512

                                                                                                                                                bb53fa139a7d6d89b39b195445ad01f0e63a9a2c4d1ee07c77eac8d27e93c49f55e69c1a400c332917d6377b7ed8473c12052a91dcb031ada09ae1d4e7c10c31

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                2db08e31ea7a38063a41c981a87482df

                                                                                                                                                SHA1

                                                                                                                                                05ab2bb7bfa279640491ea8287965c77bbf60a0d

                                                                                                                                                SHA256

                                                                                                                                                48eaa9680960b891aca2a77c88441fda950bcfd7afdf72b52a40394d92f38b3a

                                                                                                                                                SHA512

                                                                                                                                                c41a7389c5dffafeb604185a818db2ad34a5e10d2a93f035ba0358af28b16e06c5981d32f22cd82c0795f3fc6a43f156d08a5c14e6328e14d588f8914f7a387a

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                85293a06740a2ebd56ac7ca9b2206ced

                                                                                                                                                SHA1

                                                                                                                                                de85b60e25a582dbe985b06b945999c19bcd0fad

                                                                                                                                                SHA256

                                                                                                                                                5c138815180f19aaf91a4294502ed21bedae8b35e52bf7799a3f724d803dc757

                                                                                                                                                SHA512

                                                                                                                                                561d6a205f82a16b4402adacff7c3dca84e4b14cf51b298a3c289ba287426b58246c23d5bccc10621eb38728f063fddaabfdd82d6a4834dfc287c9883ff2da4e

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e5e.TMP

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                58df105b75fb8e546f79d5679dffab40

                                                                                                                                                SHA1

                                                                                                                                                22720241347f698c586c4b258e12ad66c147048e

                                                                                                                                                SHA256

                                                                                                                                                67978f827a5fe1411cddf65ad77a45502c9157db5b8b0df07a69ba0ed157d814

                                                                                                                                                SHA512

                                                                                                                                                7ee3df6be9dd1888b35d2653f55b27655a07d1d8f9274c072c028202df1e94dabcdb9493a892196585aef923ad54788d899a9d2bee242d15c23bd6417a1fdcf9

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                Filesize

                                                                                                                                                16B

                                                                                                                                                MD5

                                                                                                                                                46295cac801e5d4857d09837238a6394

                                                                                                                                                SHA1

                                                                                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                SHA256

                                                                                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                SHA512

                                                                                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                Filesize

                                                                                                                                                16B

                                                                                                                                                MD5

                                                                                                                                                206702161f94c5cd39fadd03f4014d98

                                                                                                                                                SHA1

                                                                                                                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                SHA256

                                                                                                                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                SHA512

                                                                                                                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                Filesize

                                                                                                                                                16B

                                                                                                                                                MD5

                                                                                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                SHA1

                                                                                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                SHA256

                                                                                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                SHA512

                                                                                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                Filesize

                                                                                                                                                16B

                                                                                                                                                MD5

                                                                                                                                                aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                SHA1

                                                                                                                                                dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                SHA256

                                                                                                                                                4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                SHA512

                                                                                                                                                b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                                                                                                Filesize

                                                                                                                                                44KB

                                                                                                                                                MD5

                                                                                                                                                f71a810c639b08f63db9e5cf1f77e265

                                                                                                                                                SHA1

                                                                                                                                                726e92a0034c009c359a4a54cdce92b453265a31

                                                                                                                                                SHA256

                                                                                                                                                6541cbc186762418731639c2ac6f9b8efbe96682c1df4e4a5a3f115c5bf4b0fd

                                                                                                                                                SHA512

                                                                                                                                                47e304391703a332af19c62de910d3b84d5a9c5c36f6eab3715e6bcce3d4cf10b751b1324471d86327a847bd4aa64618cd68dcfc26cdbae45e56c9f02071b039

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                                                                                                Filesize

                                                                                                                                                264KB

                                                                                                                                                MD5

                                                                                                                                                f2b2da705b34a6f67832bf71bf64df47

                                                                                                                                                SHA1

                                                                                                                                                d9993059536f794d06727cd498c28253034fbdc7

                                                                                                                                                SHA256

                                                                                                                                                12751337e5656b1711f8c453737ead7b14ed661de8ba39b235ffb92a715f1552

                                                                                                                                                SHA512

                                                                                                                                                103e08bb11eb6308865b778c54bd4b5d2701c5c5836f90d59cf79132514e5b4c74aba9c9a5b6017fa533171228ad41e9bda72778ad97a1966ef1eaf92edae122

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                758eae4af9d020681d430df7a7e007db

                                                                                                                                                SHA1

                                                                                                                                                707778a243fd97b35056c9629eef0c23ddd76767

                                                                                                                                                SHA256

                                                                                                                                                2c11de4c720091c3722aebd857bf71771e35d8004675df869f84dee2f369dda0

                                                                                                                                                SHA512

                                                                                                                                                05e67645c9b2f76ecf384c849af27557fc29d5a8ec16d57087bc90b25690c0794308922ca7373c1a6d9c8dc11568868c8efc466b9df045ef040118e7085a327b

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                a07592980f8b7e357b17f8be158c2571

                                                                                                                                                SHA1

                                                                                                                                                810ea42cd88ef7f9452ac2c5c02af2eb8133b1bc

                                                                                                                                                SHA256

                                                                                                                                                eb41f16918d696b6502e18369daa0dbea1eb608ef1f73a14667629c55c838532

                                                                                                                                                SHA512

                                                                                                                                                6544ca7eb1e1a7376329530f392431bc5107d8f81bdd3e45ededd1a9df7786c5eb79826c3511a5d286cea81070a532aeb801d9677c776d0e7a3cf3e9c81332fd

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                25933bf413df57f8b9813aa393967482

                                                                                                                                                SHA1

                                                                                                                                                df0ec9f5ef64c5392afb5d9c97f1313693cff22b

                                                                                                                                                SHA256

                                                                                                                                                54bb50db9344f712136963d479b6f4f256091dfcce61f3dff23ad2d4355849ce

                                                                                                                                                SHA512

                                                                                                                                                19d8f287b963d4f86e1fb624d28e464824b6af472a3cb5bc8e91fbc23eda8f7c5222c6cc02cce75a79875f4a3b91e5d7d79c30acd9bd9fb01dc387ccb3e1b2a8

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                150415ca3d84964af65fa5c5a40dbe20

                                                                                                                                                SHA1

                                                                                                                                                e2f66ed421b039cee3417b537096b49b9b83b7ed

                                                                                                                                                SHA256

                                                                                                                                                80f6c67fdfdcf46e44241caafa449b0bdd5798e53d4bbdbb5f8973baaa18fe34

                                                                                                                                                SHA512

                                                                                                                                                40db20f5a67bccd5b6d6e3760f3d7c71c182cf717c9ed5fcaf5bebe8af2f9c6ec6100b71fef43bfe3033163858c2767803412ac3331a207b3d007f3a2b9572d5

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                62d9b9761cf7cb43142d8da242eb8041

                                                                                                                                                SHA1

                                                                                                                                                8ddc74bc4e3f22b08da944df57fb31fc09d05f44

                                                                                                                                                SHA256

                                                                                                                                                f517b7f36f1c2c321f11a915a1f1db882889c1e193ccd763f9d840df2d3e0fff

                                                                                                                                                SHA512

                                                                                                                                                8e9a6580be79cefc9bb178d3bf5f605c25c2534e4fa0a7c060b7cf4704143db094922b9735e395eda2867a720bd4921fcb256502e7b36b0f6b08c3ce7ce53ccb

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                3cb42a11667c14a54d9a61193902b7a8

                                                                                                                                                SHA1

                                                                                                                                                bca86442506d4b1696e2b9e3c825219b38784009

                                                                                                                                                SHA256

                                                                                                                                                5c2cf456c00b700dfc8f90916631a2d695f7c7e2bc460b9aad0d4e892a8d8742

                                                                                                                                                SHA512

                                                                                                                                                56821fad7aa1c35e8cdb410cd34d873388b4dc00e298b6f4d39b5ff5f37568fb8ec3729ebf2984e4e982dabcb97802095b1e47a00de28f584621b219bae9da27

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                9548a5e33681973638a49b66dfe1b1bd

                                                                                                                                                SHA1

                                                                                                                                                853c4e8012ad01deac235af96886d458569316d0

                                                                                                                                                SHA256

                                                                                                                                                f347ff59198ff1ac1ae4724523d8f38225b730e7b5e37b34f2c0ce9d11adf0e8

                                                                                                                                                SHA512

                                                                                                                                                ea52fe429f0e950662a0bdc095de08aec75fb8872c4971c1896b14458b73ea69d2d8efbadeb485f584597cbabccd6959ccce6a90500694fa8214a9a47fcbc4d0

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                5a146b69d3c96683b4a4df51a7b55afd

                                                                                                                                                SHA1

                                                                                                                                                9a10212a7a94a3dd495d7276d8e78c065c04f8be

                                                                                                                                                SHA256

                                                                                                                                                c52ff950b0b7e18331086d77230fda90b33dafdc891fa893d54611a510dbf35a

                                                                                                                                                SHA512

                                                                                                                                                3f023ae5b3195f3dc8aa6d99ae3f23ee6a9c389f83d8d2dd5d96b216e3b85c1b5d4dd6fa7545864f0e126f5db690fb6fd88b18cfed29dd8568dd2030be4a51f9

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                23e61922cdfaa11419dec177677edbe9

                                                                                                                                                SHA1

                                                                                                                                                2144428b0337b039a46d6b883b36ec579b9b4463

                                                                                                                                                SHA256

                                                                                                                                                61541bff55edc91131464841d2a83b56becdbf84d074b07957185b29995f5c69

                                                                                                                                                SHA512

                                                                                                                                                bbd24bae80aa0d94cae8246033fc3d61b13bcaee6d2f3edde3681547abf9f21d0f76173fc0524cf6a5a379a153d7a0cbd6adf14dbbef8df2db195d4d0eea124a

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                c14ac14b26c79282857a55a282d3f424

                                                                                                                                                SHA1

                                                                                                                                                3a32fb69fdc61c1f3e5d81677ed0f6fedeb44d0d

                                                                                                                                                SHA256

                                                                                                                                                2181dfd96089a02bd91871baef775b37426f24bf760b4b14e7829fe2aa3546fd

                                                                                                                                                SHA512

                                                                                                                                                922937ea8c60caafcd14ecfc8d7ecbffbad0023c812ad55282280b231d5b4d0df5604f30ebbb656bdf2d9561ade3e3158cf08592ce2969ee10b940dc86518d8c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                9708c5557004f7cb3eccc6fc4d94993a

                                                                                                                                                SHA1

                                                                                                                                                e011d6f2acbbc418a96f41010012d9573aa0ef63

                                                                                                                                                SHA256

                                                                                                                                                b075e32f85da2feca2e7aab3cef6e754b8f1236f33d8adeb6f830e22f509c725

                                                                                                                                                SHA512

                                                                                                                                                eea04d5d7a78d2b958dc6a48be3d9a72066e17ca296d44b6b0610229b06c6d82405e1029624df3e42cce81444c853458f3714c3d83e7675e1adfbf77f9dfcc3b

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                e47baa312dbc5a273e3ca899f19a4ce8

                                                                                                                                                SHA1

                                                                                                                                                472590ae88e5171c8ce0968e85ef1b58af005c01

                                                                                                                                                SHA256

                                                                                                                                                9c3ab2a1d5682a138c10d54898590eec18e6c1dc4b6acbd70d467a02fb5f0beb

                                                                                                                                                SHA512

                                                                                                                                                7e5abd7fd9ce5255b0db7b3fdecf146f99beef9acd34a7383d3d09cf69d9ae23c2adcf1bbcd6a4a45ec262d7a00197194e342f8288dae6ba03200d54a1a93f98

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                Filesize

                                                                                                                                                11KB

                                                                                                                                                MD5

                                                                                                                                                4285b68fcd5680d308484a568970c4ac

                                                                                                                                                SHA1

                                                                                                                                                891f950550d99aa396004c8465b21cd2781962e3

                                                                                                                                                SHA256

                                                                                                                                                d52643d65e758b07bebb6b5d3058fa383f58c80721abed54fad5092bec0b3706

                                                                                                                                                SHA512

                                                                                                                                                a2012ef58e1f90a77918a3aeeb9e936f0aa2ae64ba4c1b4330b0fbfc340fecbe7b7d96fdfe96c74d15caf1b867aa373de227ff6aa765a0d97cdffc94cf27b9a3

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

                                                                                                                                                Filesize

                                                                                                                                                28KB

                                                                                                                                                MD5

                                                                                                                                                f7daac50dc2bd1cbe83edf75cd7cefb9

                                                                                                                                                SHA1

                                                                                                                                                f494ebf4a16dec7acec4f4fef607d727293905d1

                                                                                                                                                SHA256

                                                                                                                                                fdcd2168ba7782d412e65d06e179e87a4591156457f8cb6b9bda0c4ef7dafe6f

                                                                                                                                                SHA512

                                                                                                                                                c879c5da98940ce6797186e8d32dcc69b39cbb93163a9de092fbc8aac5ef326daf0bf163784c56aba3e01249d667d2758c2a3ee32b553f0f17a4a70758cacafd

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

                                                                                                                                                Filesize

                                                                                                                                                28KB

                                                                                                                                                MD5

                                                                                                                                                ec2ce4edeb60ab1f1d54b59f5c47ccb3

                                                                                                                                                SHA1

                                                                                                                                                31ec62d3d996ad8e272f9d4ede8b2a9de87a6066

                                                                                                                                                SHA256

                                                                                                                                                82556525a41a379d25910e5a22b5e95a3ddbd722c0f7487612a92a0bdc9241b5

                                                                                                                                                SHA512

                                                                                                                                                5403fbab27a80901ee70c03396d9a92d4f5a621bd27147ad208f6fd75fd60a9de25a819edaaa4c4e847c5a6b5021e15a049966f52381e53fd7426c4ec5577f8f

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

                                                                                                                                                Filesize

                                                                                                                                                28KB

                                                                                                                                                MD5

                                                                                                                                                fe30a1ea62f6f046c6733560e4a298ee

                                                                                                                                                SHA1

                                                                                                                                                5a692fbca7bd9401d3d718f624e4fe6d247dc10f

                                                                                                                                                SHA256

                                                                                                                                                37ccb6c6c60bfe3ef4889fb44a389b742a8e4e21cfe53227724532f883e8edb2

                                                                                                                                                SHA512

                                                                                                                                                a81c69a0c3702175b781022ae008917396f2af909d2af905cb59ba927e55544e5a682fd302930a2fb01f61496fe89ffe697362b79ec09726a2e2d96bca0336b4

                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

                                                                                                                                                Filesize

                                                                                                                                                14KB

                                                                                                                                                MD5

                                                                                                                                                ac031dc74cac272ef0cd63b82b835e13

                                                                                                                                                SHA1

                                                                                                                                                2811476cecb44092b296a62b2a420f898a95d78b

                                                                                                                                                SHA256

                                                                                                                                                d32df713d5c0bf01cbfef3a349b644eb16ceeef7d7da58ac293528167f5aff5a

                                                                                                                                                SHA512

                                                                                                                                                c5942c0dff3f07777b631b0251526498f1f008b93ffbd5f8ca50baea28fa5e2b20333b7eb008642ac41987d38bcbb61042467c9180d29a8293a4be8d0703fbb1

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YUL4B0YX\www.bing[1].xml

                                                                                                                                                Filesize

                                                                                                                                                17KB

                                                                                                                                                MD5

                                                                                                                                                3d7e69e883df0877e71977e9353b9cfe

                                                                                                                                                SHA1

                                                                                                                                                9f42076b441ab4bb301f1cb68afc4e1e9c03539a

                                                                                                                                                SHA256

                                                                                                                                                c38899c01a995aecb0b2faebf388c89e7c812a3625c42f856aadcb4fecb92383

                                                                                                                                                SHA512

                                                                                                                                                8bbf4e89498e6f32278181632ade9eeb142e560da91bb7b0b9a68ba64e3d4663304f64344fd291ed59c50ce5ff32e3ce1cf117b1608e86dee63fc647286619c3

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YUL4B0YX\www.bing[1].xml

                                                                                                                                                Filesize

                                                                                                                                                2KB

                                                                                                                                                MD5

                                                                                                                                                2ded6b3f5bb22af28d0709fda4dbe47b

                                                                                                                                                SHA1

                                                                                                                                                5ef5950509d965cf64aa646d6613a212cadb9436

                                                                                                                                                SHA256

                                                                                                                                                af01a08fd142cc7169c98fae9aa9d0549e8e8a8fe29b007b2a66831ff1d260bd

                                                                                                                                                SHA512

                                                                                                                                                a040a4d029b6ebc515be71ba130f307c6e1952ddc76c6c8b2cfed606efbbfcee762a12e2212108b91924cd53375e5e985e6d752291f40304e30df32779e8a30f

                                                                                                                                              • C:\Users\Admin\AppData\Local\Programs\Walliant\walliant.exe

                                                                                                                                                Filesize

                                                                                                                                                257KB

                                                                                                                                                MD5

                                                                                                                                                60d3737a1f84758238483d865a3056dc

                                                                                                                                                SHA1

                                                                                                                                                17b13048c1db4e56120fed53abc4056ecb4c56ed

                                                                                                                                                SHA256

                                                                                                                                                3436c29dec2c7f633f4766acaf334f6c395d70ea6180c0ea7c1610591d5d89b9

                                                                                                                                                SHA512

                                                                                                                                                d34f42b59349f3be1ac39a57207f616a44f56a6c74157be8116fff5df75275928065065a89f10bd79849e58b14d1e5e0ea156be5996ff8ca4f5d854e107c96fe

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\TCD61E6.tmp\iso690.xsl

                                                                                                                                                Filesize

                                                                                                                                                263KB

                                                                                                                                                MD5

                                                                                                                                                ff0e07eff1333cdf9fc2523d323dd654

                                                                                                                                                SHA1

                                                                                                                                                77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                                                                                                                                                SHA256

                                                                                                                                                3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                                                                                                                                                SHA512

                                                                                                                                                b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]

                                                                                                                                                Filesize

                                                                                                                                                239KB

                                                                                                                                                MD5

                                                                                                                                                2f8f6e90ca211d7ef5f6cf3c995a40e7

                                                                                                                                                SHA1

                                                                                                                                                f8940f280c81273b11a20d4bfb43715155f6e122

                                                                                                                                                SHA256

                                                                                                                                                1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

                                                                                                                                                SHA512

                                                                                                                                                2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]:Zone.Identifier

                                                                                                                                                Filesize

                                                                                                                                                82B

                                                                                                                                                MD5

                                                                                                                                                537feb917e25ff7e33db6c91c6ec8717

                                                                                                                                                SHA1

                                                                                                                                                a21c7bc720892b24cc7fd2d977af79eff4eae726

                                                                                                                                                SHA256

                                                                                                                                                cddcaccbb8c39190d9dee85549bee3e28f081277290447915586f3448f769a38

                                                                                                                                                SHA512

                                                                                                                                                70c1379dcfbecb045f8f77241d8e62e40858865cefbd6bffcaf774c584bf6a573d05413d4d7b13f5719551b8910df835804144e01dc0b8b85dfce796e146cd34

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]

                                                                                                                                                Filesize

                                                                                                                                                396KB

                                                                                                                                                MD5

                                                                                                                                                13f4b868603cf0dd6c32702d1bd858c9

                                                                                                                                                SHA1

                                                                                                                                                a595ab75e134f5616679be5f11deefdfaae1de15

                                                                                                                                                SHA256

                                                                                                                                                cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

                                                                                                                                                SHA512

                                                                                                                                                e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\[email protected]:Zone.Identifier

                                                                                                                                                Filesize

                                                                                                                                                83B

                                                                                                                                                MD5

                                                                                                                                                3e2f255904b73797127ea9d236cf8cc4

                                                                                                                                                SHA1

                                                                                                                                                68e1f5f57b3d83b9b0e85083aed64cfe08621d27

                                                                                                                                                SHA256

                                                                                                                                                748a7337beb099985aa4df4d5dfad20e9feb8d453700093549f606b509a96288

                                                                                                                                                SHA512

                                                                                                                                                f47d894e1996a672570fa3057094ea13da68b7f63f6f1374c560d4a2ee72442fd9b8b86018de77b3ab17adc8b96b79e1b27d847838321179a21fb79cc5b928cd

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Walliant.zip\ska2pwej.aeh.exe

                                                                                                                                                Filesize

                                                                                                                                                5.0MB

                                                                                                                                                MD5

                                                                                                                                                929335d847f8265c0a8648dd6d593605

                                                                                                                                                SHA1

                                                                                                                                                0ff9acf1293ed8b313628269791d09e6413fca56

                                                                                                                                                SHA256

                                                                                                                                                6613acb18cb8bf501fba619f04f8298e5e633cb220c450212bbc9dd2bef9538d

                                                                                                                                                SHA512

                                                                                                                                                7c9a4d1bec430503cc355dc76955d341e001b06196d4b508cc35d64feb2e8ba30e824e7c3a11c27135d7d99801f45f62a5b558563b4c78f89f5d156a929063fd

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Walliant.zip\ska2pwej.aeh.exe:Zone.Identifier

                                                                                                                                                Filesize

                                                                                                                                                77B

                                                                                                                                                MD5

                                                                                                                                                41d55995d0bd51e578a5b6bc1133430c

                                                                                                                                                SHA1

                                                                                                                                                e92c870fcc807d9a8a49f3ba6a2cd7d1bc31e4bb

                                                                                                                                                SHA256

                                                                                                                                                11a76b4ac393a1b8ecd5be2b6d208054349b425173b8306d9d2ceed45121bf7a

                                                                                                                                                SHA512

                                                                                                                                                f2a62d0bf3841ef7503bb051746014308ed751e085d7465ef0ff72f0a54502fd91f6cef3aa3f964721f2aecc943dd422398f661f286366eab646167181320d3f

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe

                                                                                                                                                Filesize

                                                                                                                                                110KB

                                                                                                                                                MD5

                                                                                                                                                ab648a0df4fe7a47fe9d980c545b065d

                                                                                                                                                SHA1

                                                                                                                                                ce28ea7dd117289daf467467a592bc304c72d4e6

                                                                                                                                                SHA256

                                                                                                                                                905a849721ec95ab08754aeee9a60b3ed435d36962466fcbe5cfca63dfc455cd

                                                                                                                                                SHA512

                                                                                                                                                7ae99da55fbf1c31c5281e5f4e10ab2bc33b89effeee82b574eb4b60541c5ea2913d5d99836608873da372c78e75436ae7e535568f48d81cb9dd26d2cc1b3a8c

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Uninstall.ini

                                                                                                                                                Filesize

                                                                                                                                                3KB

                                                                                                                                                MD5

                                                                                                                                                c92a1d4d0755c886dd137c6cab43c35e

                                                                                                                                                SHA1

                                                                                                                                                fc16175e58ad1f67c57e7fdf55333fdd0e01d936

                                                                                                                                                SHA256

                                                                                                                                                6ab1ee65e6c9c5e31fe3680fc92a2a0ae73f216e966f5582a2d9c265357238d4

                                                                                                                                                SHA512

                                                                                                                                                0525880a1f4cc7dd912ca4006fe4bd02bf1218931fcb56489a0ec728a682fdf1ecd35e8797c665c63dc19d8236942d9b832a6a8c46e00df02afa2c65327dd9de

                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

                                                                                                                                                Filesize

                                                                                                                                                2.5MB

                                                                                                                                                MD5

                                                                                                                                                62e5dbc52010c304c82ada0ac564eff9

                                                                                                                                                SHA1

                                                                                                                                                d911cb02fdaf79e7c35b863699d21ee7a0514116

                                                                                                                                                SHA256

                                                                                                                                                bd54ad7a25594dc823572d9b23a3490ff6b8b1742a75e368d110421ab08909b2

                                                                                                                                                SHA512

                                                                                                                                                b5d863ea38816c18f7778ef12ea4168ceb0dae67704c0d1d4a60b0237ca6e758c1dfc5c28d4fc9679b0159de25e56d5dfff8addacd7a9c52572674d90c424946

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\New Microsoft Word Document.docx.LNK

                                                                                                                                                Filesize

                                                                                                                                                612B

                                                                                                                                                MD5

                                                                                                                                                7f7a48e14d6f587bc2510c3b2c70748d

                                                                                                                                                SHA1

                                                                                                                                                b486f01f29741b19465e272c1411cb3820c457b7

                                                                                                                                                SHA256

                                                                                                                                                bb921c71c1231c37904da9e78f9d193311149cf8b7b0e368ab9370caa5751eab

                                                                                                                                                SHA512

                                                                                                                                                fd2894f315ead63c0fe7e3c80afbdbb9a86368018de6ca9b590af62a176511fe3175be52d0ff2abfd2c1b217715ca1bebc5d3cf49bf12099a20fb768cc96cfd9

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                                                                Filesize

                                                                                                                                                302B

                                                                                                                                                MD5

                                                                                                                                                72c0fcce0c92f6adfe3b678b6d4d271f

                                                                                                                                                SHA1

                                                                                                                                                492c9f222106c79a3be43fc0c96c6897b5bae2a1

                                                                                                                                                SHA256

                                                                                                                                                c4ab7d3d619308716afe7689bcedccbbd1b73055e7218b472f948e9078b1fa5b

                                                                                                                                                SHA512

                                                                                                                                                c8582ccf9a26cb084bb9739d52bf7afc269ed2dfe5a270a83c479f5ae617942ddd0168aa770d592682cfea2aa6997bc20296106667f72805dc7bb6dac9c183dc

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                                                                                                Filesize

                                                                                                                                                16B

                                                                                                                                                MD5

                                                                                                                                                d29962abc88624befc0135579ae485ec

                                                                                                                                                SHA1

                                                                                                                                                e40a6458296ec6a2427bcb280572d023a9862b31

                                                                                                                                                SHA256

                                                                                                                                                a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

                                                                                                                                                SHA512

                                                                                                                                                4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                9KB

                                                                                                                                                MD5

                                                                                                                                                286b072e6f3da6c06aa7e6fa1973db4f

                                                                                                                                                SHA1

                                                                                                                                                936dafc9fcaf483b0da9388523f0077e65f95ac2

                                                                                                                                                SHA256

                                                                                                                                                02e9b75595c9f314033fcb95ce5cd7a3bb41d2775076f16ccd5025ff9d7c12d9

                                                                                                                                                SHA512

                                                                                                                                                0e1f24633d563e058af66d78aeeda941fccfa74824fc022f63052d0f100c02c93a9708b4d688b3ba6debbf379e4f135ebaab4062e55584031601b921812a30c5

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                7KB

                                                                                                                                                MD5

                                                                                                                                                d5986eb2674f35064d6c3fe3255f8ca9

                                                                                                                                                SHA1

                                                                                                                                                8038c01b2326b73b6d93293323634ca85bcf50bc

                                                                                                                                                SHA256

                                                                                                                                                75ccec3c3a64a8466c4743daba3cec94cb068ff635a48128abc969cd52ee79d2

                                                                                                                                                SHA512

                                                                                                                                                77c87a6f013ccbfb3bbca65186b8c9d8468d09c10255bf45f49234fdf1a9ff030fdfaacbaf0892d6ab1a24df4d4025f33dc0eb9d41a7aa7e34378b5e126dd7b8

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                7KB

                                                                                                                                                MD5

                                                                                                                                                9bc2a26360c9688be16b1e24ebcf275c

                                                                                                                                                SHA1

                                                                                                                                                e1de5e60c00acd04644a7250b7ed68e34553b326

                                                                                                                                                SHA256

                                                                                                                                                3bd4105e64075e7e25b9e54a0189cb614e199c99063693d29ea4d99f12fcbf57

                                                                                                                                                SHA512

                                                                                                                                                0b81b52f56e7dbb07f07f6427fbc99e5632049d94f147a978561ee83c0f165e5c10c235b4ff7ed91ede8f664dd487da90fbf987c2b00e6fbf1a9cec1fd5f7d8c

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                7KB

                                                                                                                                                MD5

                                                                                                                                                1cd3afc29897897912fd52097132a7a7

                                                                                                                                                SHA1

                                                                                                                                                61f5c4d453545e2a0dd234bc1022861cca61401f

                                                                                                                                                SHA256

                                                                                                                                                b35e98f5784923acd139ebe090ec1f69bdc46eec54f47894f8590ad6c3e7a22e

                                                                                                                                                SHA512

                                                                                                                                                0a8d5bae43f2b5c1a4837042934f1aab69cf4f18aa573cad74ab48b52b09cdf35ae830ca0a27e83b2f685829a6ea46ea90739a41773c4333c317798a15c98116

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                666B

                                                                                                                                                MD5

                                                                                                                                                d3dfbf154799404f78668c4b42549174

                                                                                                                                                SHA1

                                                                                                                                                f85dcd2fc5e6991583575a894a4967af38fc504e

                                                                                                                                                SHA256

                                                                                                                                                db22206174e788cacfeb6c1496e07bb74d47b89bb1624806f51a8448b5b2fa43

                                                                                                                                                SHA512

                                                                                                                                                3205c0f887a598e77452d997b702048bf41154b1304b0451cd2a58858924bc8c2492b66d9ab8dcfaf6f8dad6a46ee401c4f6374d8f18762224b32105b5a84689

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

                                                                                                                                                Filesize

                                                                                                                                                1KB

                                                                                                                                                MD5

                                                                                                                                                c64199a342974957c76eb6246c2f2687

                                                                                                                                                SHA1

                                                                                                                                                82357963bd3d2373fc2e8013ccfae04eba047151

                                                                                                                                                SHA256

                                                                                                                                                d1120ef68449fa6e0c925c656d197dbbcf2601ab633ba90a41d14392dac32c13

                                                                                                                                                SHA512

                                                                                                                                                8fc6e0603c1011a7ec7f5003dc4db4a448bbcea480fe39cff28122523b2f416a0af15fcc33d3ac6d91a3791c01aa5ee6a39782a26ff771039fefcdf260953efb

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of New Microsoft Word Document.asd

                                                                                                                                                Filesize

                                                                                                                                                27KB

                                                                                                                                                MD5

                                                                                                                                                208a7f7f9da1dafc4412f2d2aaa09748

                                                                                                                                                SHA1

                                                                                                                                                6daa946d84889e057e5b8c810cfa07c5891cdf2e

                                                                                                                                                SHA256

                                                                                                                                                c72158ba9774a026c6246308541a55283ad1e4047403dbe4189dd0ce536a05bd

                                                                                                                                                SHA512

                                                                                                                                                4047708788c703779b75b7c188ac0b6e9594767c2cc5d0afbe93062761b76f6f4f0dcbd2d2cc846128c315553d4a6acfbd3b5b70e6b3d3580e5c8516cffc3cf7

                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Word\New%20Microsoft%20Word%20Document311259731662597954\New%20Microsoft%20Word%20Document((Autorecovered-311259733856190992)).asd

                                                                                                                                                Filesize

                                                                                                                                                27KB

                                                                                                                                                MD5

                                                                                                                                                8214c588f11a8b4427035d8eb6b48a1b

                                                                                                                                                SHA1

                                                                                                                                                0ec6dbe842d90c40cb29480bc77507a6b6a94223

                                                                                                                                                SHA256

                                                                                                                                                8aea567659384aece1f6275acf2ddd297f5d4023b2401a6dac15e1136c39aa61

                                                                                                                                                SHA512

                                                                                                                                                bedfd6f684563da8ee867fdd806e50b54810464c12b102d8c8727bb6f978480d9633dde27cc84fe2f95a7724b5ac06da609a54e7589ba487d877826c3def195e

                                                                                                                                              • C:\Users\Admin\Desktop\Free Youtube Downloader.lnk

                                                                                                                                                Filesize

                                                                                                                                                2KB

                                                                                                                                                MD5

                                                                                                                                                f5b00fd6913e2e1628f340b935ffeb72

                                                                                                                                                SHA1

                                                                                                                                                cd40173aa5c2395cecd8a85e6bc19bde8d057e0d

                                                                                                                                                SHA256

                                                                                                                                                b504442787e2b8109eb56fb652c9201ad833fac10a5c1a5a91899f27c9138d65

                                                                                                                                                SHA512

                                                                                                                                                1c76545f62be67b5ed316ecab7c797d4633a2c2cb54dfda3bd3e61a5e1f52b4b50d28378e8cec36608c895709ec9fe16517a9b46dacc96b4cdc9058e1972fe6b

                                                                                                                                              • C:\Users\Admin\Downloads\CPURocket.7z

                                                                                                                                                Filesize

                                                                                                                                                671KB

                                                                                                                                                MD5

                                                                                                                                                b6a1c3dee30ae984547a08ba85b1ffbc

                                                                                                                                                SHA1

                                                                                                                                                7d6b6f2d114ce86ed8c2814ad4c920b5051eb98f

                                                                                                                                                SHA256

                                                                                                                                                bd99aad600f97f7ae57f5f3b813b3d981d5b6d7c49e90a3b1216b3d5b4e4a51b

                                                                                                                                                SHA512

                                                                                                                                                5d0dfa99fdb2639603e4c2756b36ce4265d9641c486db0671ae2d3bace52c58ee77047d317fa5aeebbc389c5f6f3d410fe8a96bd86e877834978e72aafd185e2

                                                                                                                                              • C:\Users\Admin\Downloads\CPURocket.7z:Zone.Identifier

                                                                                                                                                Filesize

                                                                                                                                                55B

                                                                                                                                                MD5

                                                                                                                                                0f98a5550abe0fb880568b1480c96a1c

                                                                                                                                                SHA1

                                                                                                                                                d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                                                                SHA256

                                                                                                                                                2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                                                                SHA512

                                                                                                                                                dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                                                              • C:\Users\Admin\Downloads\Deskbottom.zip

                                                                                                                                                Filesize

                                                                                                                                                236KB

                                                                                                                                                MD5

                                                                                                                                                0575625e5ced1be9f4018c5afa456406

                                                                                                                                                SHA1

                                                                                                                                                70f86daa07564d318c2825e08e2f70e8bcbd7967

                                                                                                                                                SHA256

                                                                                                                                                37e612d9c4d2fdc46c132a1ebac107c720e45135f5c79956140f8d38a951332f

                                                                                                                                                SHA512

                                                                                                                                                992f17fe1348d9f4d5f3870302a268998194e8d59c1087b3474568434e8dd90aeefe57aff7d0caa91fcfe7239cf9e9f38094b3767ae9d9bb592c41942282088f

                                                                                                                                              • C:\Users\Admin\Downloads\DesktopPuzzle.zip

                                                                                                                                                Filesize

                                                                                                                                                121KB

                                                                                                                                                MD5

                                                                                                                                                6ec216cae1f0e898635d296bbb1a7539

                                                                                                                                                SHA1

                                                                                                                                                8725949a62c581e4c55d7338dcf3f67997840278

                                                                                                                                                SHA256

                                                                                                                                                431b9b7321f734a3f11b23e638199ff1f0d9abe9374ec299484d9e47f20b4ee2

                                                                                                                                                SHA512

                                                                                                                                                b619a5e8ccc0473d99453108085b1678a75dc816bbeb1d5301cd265ff8aee18e214d4e7b877d0d5d13921238d45581cb89021c4dbfb9ba2f3bddb4d4f297ddfe

                                                                                                                                              • C:\Users\Admin\Downloads\FakeActivation.zip

                                                                                                                                                Filesize

                                                                                                                                                275KB

                                                                                                                                                MD5

                                                                                                                                                6db8a7da4e8dc527d445b7a37d02d5d6

                                                                                                                                                SHA1

                                                                                                                                                4fcc7cff8b49a834858d8c6016c3c6f109c9c794

                                                                                                                                                SHA256

                                                                                                                                                7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

                                                                                                                                                SHA512

                                                                                                                                                b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

                                                                                                                                              • C:\Users\Admin\Downloads\Flasher.zip

                                                                                                                                                Filesize

                                                                                                                                                236KB

                                                                                                                                                MD5

                                                                                                                                                4c8bbc6463c293014ebc570d8df35403

                                                                                                                                                SHA1

                                                                                                                                                aee8b60bbd853603234a68905e268cc45152237b

                                                                                                                                                SHA256

                                                                                                                                                646b0a869c221a54fe1f311e8576bbf9c5ee6e1e4f4f15a327115cf7951ad395

                                                                                                                                                SHA512

                                                                                                                                                aaa15c109c4a7eacd9fac1520c16c8b2a9bdc93c9b6afd29b3145e3a74d34fd07502532f28d27edc2cd8e9384657371f82555e3dab1c2c0da956c69d463bb67d

                                                                                                                                              • C:\Users\Admin\Downloads\HMBlocker.zip

                                                                                                                                                Filesize

                                                                                                                                                38KB

                                                                                                                                                MD5

                                                                                                                                                5968e8a8caa61b46ba347f8c521c1f2e

                                                                                                                                                SHA1

                                                                                                                                                88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c

                                                                                                                                                SHA256

                                                                                                                                                a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35

                                                                                                                                                SHA512

                                                                                                                                                6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3

                                                                                                                                              • C:\Users\Admin\Downloads\SoftwareOnlineComplaint.pdf

                                                                                                                                                Filesize

                                                                                                                                                341KB

                                                                                                                                                MD5

                                                                                                                                                34d9f50e01c3a96e38e1ec5b9396ed8e

                                                                                                                                                SHA1

                                                                                                                                                00ec780f782ba768139be42066b3f10597db49bd

                                                                                                                                                SHA256

                                                                                                                                                08d41c7805018926f91e2b0f306234b63a0a3ff63eb1021e5652ccc4725fd054

                                                                                                                                                SHA512

                                                                                                                                                fc797f279058aad12f57ead27fc1871b9e64aaa5e455c65107cdae1e3dbe573742fc822f70ad8dc66bd64f12d599393fed9a777e5f5266a7c8d617e404913ed3

                                                                                                                                              • C:\Users\Admin\Downloads\Walliant.zip

                                                                                                                                                Filesize

                                                                                                                                                4.5MB

                                                                                                                                                MD5

                                                                                                                                                33968a33f7e098d31920c07e56c66de2

                                                                                                                                                SHA1

                                                                                                                                                9c684a0dadae9f940dd40d8d037faa6addf22ddb

                                                                                                                                                SHA256

                                                                                                                                                6364269dbdc73d638756c2078ecb1a39296ddd12b384d05121045f95d357d504

                                                                                                                                                SHA512

                                                                                                                                                76ccf5f90c57915674e02bc9291b1c8956567573100f3633e1e9f1eaa5dbe518d13b29a9f8759440b1132ed897ff5a880bef395281b22aaf56ad9424a0e5e69a

                                                                                                                                              • C:\Users\Admin\Downloads\Walliant.zip:Zone.Identifier

                                                                                                                                                Filesize

                                                                                                                                                26B

                                                                                                                                                MD5

                                                                                                                                                fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                SHA1

                                                                                                                                                d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                SHA256

                                                                                                                                                eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                SHA512

                                                                                                                                                aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                              • C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

                                                                                                                                                Filesize

                                                                                                                                                153KB

                                                                                                                                                MD5

                                                                                                                                                f33a4e991a11baf336a2324f700d874d

                                                                                                                                                SHA1

                                                                                                                                                9da1891a164f2fc0a88d0de1ba397585b455b0f4

                                                                                                                                                SHA256

                                                                                                                                                a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

                                                                                                                                                SHA512

                                                                                                                                                edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

                                                                                                                                              • memory/1068-821-0x000002C9DDD00000-0x000002C9DDE00000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1024KB

                                                                                                                                              • memory/1068-838-0x000002C9FFBF0000-0x000002C9FFCF0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1024KB

                                                                                                                                              • memory/1068-866-0x000002C180CD0000-0x000002C180DD0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1024KB

                                                                                                                                              • memory/1068-840-0x000002C1808C0000-0x000002C1808E0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1068-981-0x000002C184200000-0x000002C184300000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1024KB

                                                                                                                                              • memory/1068-884-0x000002C9FFD90000-0x000002C9FFDB0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1068-908-0x000002C1816C0000-0x000002C1816E0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1068-1444-0x000002C1945B0000-0x000002C1946B0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1024KB

                                                                                                                                              • memory/1068-1450-0x000002C182160000-0x000002C182180000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1068-885-0x000002C180BB0000-0x000002C180BD0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1092-1861-0x00007FFF2BFB0000-0x00007FFF2BFC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1864-0x00007FFF29410000-0x00007FFF29420000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1863-0x00007FFF29410000-0x00007FFF29420000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1859-0x00007FFF2BFB0000-0x00007FFF2BFC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1862-0x00007FFF2BFB0000-0x00007FFF2BFC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1860-0x00007FFF2BFB0000-0x00007FFF2BFC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1092-1858-0x00007FFF2BFB0000-0x00007FFF2BFC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                64KB

                                                                                                                                              • memory/1716-2581-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1716-2604-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1716-2603-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1716-2588-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1716-2605-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1716-2568-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/1876-529-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-522-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-533-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-528-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-531-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-532-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-523-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-527-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-530-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1876-521-0x0000021041790000-0x0000021041791000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2020-2681-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/2020-2680-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/2020-2682-0x0000000000400000-0x0000000000441000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                260KB

                                                                                                                                              • memory/2124-1549-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1551-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1550-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1555-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1556-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1560-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1559-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1558-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2124-1557-0x000001F84CD30000-0x000001F84CD31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2328-471-0x0000000000400000-0x0000000000479000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                484KB

                                                                                                                                              • memory/2752-1183-0x000002148B9A0000-0x000002148B9CE000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                184KB

                                                                                                                                              • memory/4000-1614-0x0000000005710000-0x0000000005CB6000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                5.6MB

                                                                                                                                              • memory/4000-1615-0x0000000005240000-0x00000000052D2000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                584KB

                                                                                                                                              • memory/4000-1613-0x00000000006F0000-0x0000000000764000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                464KB

                                                                                                                                              • memory/4000-1616-0x0000000005230000-0x000000000523A000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                40KB

                                                                                                                                              • memory/4612-1843-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1841-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1842-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1845-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1837-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1844-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1839-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1838-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4612-1846-0x000001A4A2710000-0x000001A4A2711000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4844-1182-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                240KB