Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-08-2024 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a9c136d300c0315acd9ef384cbb745cbe25666b0fd1e32ed6671a9da3d4248c.exe

  • Size

    1.8MB

  • MD5

    bc84ed6e5a8ae05b5d5616de16628c03

  • SHA1

    16f768b807acb9a9b047d37d5602f9fd4263c3e9

  • SHA256

    5a9c136d300c0315acd9ef384cbb745cbe25666b0fd1e32ed6671a9da3d4248c

  • SHA512

    f3b85266e5085ea74415e3346b0eb569335c70b32c366a9a1ad87fe04f96b178a5736e8ceda4e8bb43129321a429d588cfff0332316b5e3c38c332e6a909e1f8

  • SSDEEP

    24576:tnLehpzQc+mCyg2F3rI8jm8PE/iyTZNndwZaqoBfpT3emrHviOeAiYZkMBpm9QsF:JihhgB8C8PE6ydMIqklBfeYkgUlh3Z

Score
10/10
amadeyexelastealergurcupurelogstealerredlinestealcxwormzharkbot14082024816fa@cloudytteama51500defaultfed3aalivetrafficpenisbotnetcollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistenceprivilege_escalationratspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Extracted

Family

redline

Botnet

LiveTraffic

C2

95.179.163.21:29257

Extracted

Family

redline

Botnet

@CLOUDYTTEAM

C2

65.21.18.51:45580

Extracted

Family

stealc

Botnet

default

C2

http://185.215.113.17

Attributes
  • url_path

    /2fb6c2cc8dce150a.php

Extracted

Family

redline

Botnet

14082024

C2

185.215.113.67:21405

Extracted

Family

redline

Botnet

816FA

C2

88.99.151.68:7200

Extracted

Family

amadey

Version

4.41

Botnet

a51500

C2

http://api.garageserviceoperation.com

Attributes
  • install_dir

    0cf505a27f

  • install_file

    ednfovi.exe

  • strings_key

    0044a8b8e295529eaf3743c9bc3171d2

  • url_paths

    /CoreOPT/index.php

rc4.plain

Extracted

Family

stealc

Botnet

penis

C2

http://185.196.9.140

Attributes
  • url_path

    /c3f845711fab35f8.php

Extracted

Family

xworm

C2

127.0.0.1:7000

beshomandotestbesnd.run.place:7000
Attributes
  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot2128988424:AAEkYnwvOQA95riqRZwlqBxg4GV-odRNOyo/sendMessage?chat_id=966649672

Extracted

Family

gurcu

C2

https://api.telegram.org/bot2128988424:AAEkYnwvOQA95riqRZwlqBxg4GV-odRNOyo/sendMessage?chat_id=966649672

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Detect Xworm Payload 2 IoCs
  • Detects ZharkBot payload 1 IoCs

    ZharkBot is a botnet written C++.

  • Exela Stealer

    Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    stealerexelastealer
  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu
  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

    stealerpurelogstealer
  • PureLog Stealer payload 2 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • ZharkBot

    ZharkBot is a botnet written C++.

    botnetzharkbot
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Grants admin privileges 1 TTPs

    Uses net.exe to modify the user's privileges.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
    evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Clipboard Data 1 TTPs 2 IoCs

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection
  • Drops startup file 4 IoCs
  • Executes dropped EXE 33 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 34 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Network Service Discovery 1 TTPs 2 IoCs

    Attempt to gather information on host's network.

    discovery
  • Enumerates processes with tasklist 1 TTPs 10 IoCs
    discovery
  • Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs
    defense_evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • Drops file in Windows directory 10 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Permission Groups Discovery: Local Groups 1 TTPs

    Attempt to find local system groups and permission settings.

    discovery
  • Program crash 29 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • System Network Connections Discovery 1 TTPs 1 IoCs

    Attempt to get a listing of network connections.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Collects information from the system 1 TTPs 1 IoCs

    Uses WMIC.exe to find detailed system information.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3344
      • C:\Users\Admin\AppData\Local\Temp\5a9c136d300c0315acd9ef384cbb745cbe25666b0fd1e32ed6671a9da3d4248c.exe
        "C:\Users\Admin\AppData\Local\Temp\5a9c136d300c0315acd9ef384cbb745cbe25666b0fd1e32ed6671a9da3d4248c.exe"
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3020
        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          "C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
          3⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2160
          • C:\Users\Admin\AppData\Local\Temp\1000002001\GOLD.exe
            "C:\Users\Admin\AppData\Local\Temp\1000002001\GOLD.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3080
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              5⤵
                PID:928
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                5⤵
                  PID:1172
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • Modifies system certificate store
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1388
              • C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe
                "C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe"
                4⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:2820
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:2784
                  • C:\Users\Admin\AppData\Roaming\hWU2wISwhK.exe
                    "C:\Users\Admin\AppData\Roaming\hWU2wISwhK.exe"
                    6⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:6140
                  • C:\Users\Admin\AppData\Roaming\o6jBypKfsf.exe
                    "C:\Users\Admin\AppData\Roaming\o6jBypKfsf.exe"
                    6⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:5936
              • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default.exe
                "C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default.exe"
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                PID:2128
              • C:\Users\Admin\AppData\Local\Temp\1000129001\clcs.exe
                "C:\Users\Admin\AppData\Local\Temp\1000129001\clcs.exe"
                4⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:5872
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=clcs.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                  5⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:4800
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
                    6⤵
                      PID:3016
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
                      6⤵
                        PID:3848
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
                        6⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4208
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
                        6⤵
                          PID:4716
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
                          6⤵
                            PID:2288
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
                            6⤵
                              PID:2868
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
                              6⤵
                                PID:3756
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5396
                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,13327998034029599319,355582662265837694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1408
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=clcs.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                              5⤵
                              • Enumerates system info in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:2044
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
                                6⤵
                                  PID:5796
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
                                  6⤵
                                    PID:3012
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
                                    6⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5288
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
                                    6⤵
                                      PID:5264
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
                                      6⤵
                                        PID:2096
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
                                        6⤵
                                          PID:3700
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                          6⤵
                                            PID:4708
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 /prefetch:8
                                            6⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:780
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                                            6⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1452
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                                            6⤵
                                              PID:5844
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
                                              6⤵
                                                PID:5200
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                                6⤵
                                                  PID:5820
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7888863270661756282,10577667586084242598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                                                  6⤵
                                                    PID:2680
                                              • C:\Users\Admin\AppData\Local\Temp\1000135001\14082024.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000135001\14082024.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:2516
                                              • C:\Users\Admin\AppData\Local\Temp\1000147001\BattleGermany.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000147001\BattleGermany.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:4952
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\System32\cmd.exe" /k move Cassette Cassette.cmd & Cassette.cmd & exit
                                                  5⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2080
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3176
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "wrsa.exe opssvc.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4880
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3156
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:6132
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c md 177479
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:2028
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /V "FoolBurkeRetainedWait" Drop
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:2488
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c copy /b ..\Tracked + ..\Luggage + ..\Prime + ..\Involved + ..\Fluid + ..\Newport + ..\Rod + ..\Society s
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:2168
                                                  • C:\Users\Admin\AppData\Local\Temp\177479\Community.pif
                                                    Community.pif s
                                                    6⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:1352
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      cmd /c schtasks.exe /create /tn "Capable" /tr "wscript //B 'C:\Users\Admin\AppData\Local\SkyNav Technologies\SkyPilot.js'" /sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
                                                      7⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:396
                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                        schtasks.exe /create /tn "Capable" /tr "wscript //B 'C:\Users\Admin\AppData\Local\SkyNav Technologies\SkyPilot.js'" /sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
                                                        8⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Scheduled Task/Job: Scheduled Task
                                                        PID:5152
                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                      schtasks.exe /create /tn "SkyPilot" /tr "wscript //B 'C:\Users\Admin\AppData\Local\SkyNav Technologies\SkyPilot.js'" /sc onlogon /F /RL HIGHEST
                                                      7⤵
                                                      • System Location Discovery: System Language Discovery
                                                      • Scheduled Task/Job: Scheduled Task
                                                      PID:876
                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                      7⤵
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:1864
                                                  • C:\Windows\SysWOW64\choice.exe
                                                    choice /d y /t 15
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4732
                                              • C:\Users\Admin\AppData\Local\Temp\1000150001\runtime.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000150001\runtime.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • Drops file in Windows directory
                                                • System Location Discovery: System Language Discovery
                                                PID:4676
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit
                                                  5⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4548
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2528
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "wrsa.exe opssvc.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3132
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3988
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5156
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c md 40365
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4788
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /V "HopeBuildersGeniusIslam" Sonic
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3292
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:980
                                                  • C:\Users\Admin\AppData\Local\Temp\40365\Beijing.pif
                                                    Beijing.pif s
                                                    6⤵
                                                    • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:2896
                                                    • C:\Users\Admin\AppData\Local\Temp\1000064001\kitty.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1000064001\kitty.exe"
                                                      7⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5084
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 508
                                                        8⤵
                                                        • Program crash
                                                        PID:4940
                                                    • C:\Users\Admin\AppData\Local\Temp\1000142101\build2.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1000142101\build2.exe"
                                                      7⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Windows directory
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:5064
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 792
                                                        8⤵
                                                        • Program crash
                                                        PID:1804
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 824
                                                        8⤵
                                                        • Program crash
                                                        PID:3428
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 880
                                                        8⤵
                                                        • Program crash
                                                        PID:5408
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 924
                                                        8⤵
                                                        • Program crash
                                                        PID:5160
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 880
                                                        8⤵
                                                        • Program crash
                                                        PID:1640
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 980
                                                        8⤵
                                                        • Program crash
                                                        PID:3660
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 992
                                                        8⤵
                                                        • Program crash
                                                        PID:6136
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 1040
                                                        8⤵
                                                        • Program crash
                                                        PID:4764
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 992
                                                        8⤵
                                                        • Program crash
                                                        PID:6108
                                                      • C:\Users\Admin\AppData\Local\Temp\fed0c9a4d3\Hkbsse.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\fed0c9a4d3\Hkbsse.exe"
                                                        8⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3484
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 592
                                                          9⤵
                                                          • Program crash
                                                          PID:588
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 632
                                                          9⤵
                                                          • Program crash
                                                          PID:5060
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 640
                                                          9⤵
                                                          • Program crash
                                                          PID:5676
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 864
                                                          9⤵
                                                          • Program crash
                                                          PID:1520
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 884
                                                          9⤵
                                                          • Program crash
                                                          PID:5684
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 900
                                                          9⤵
                                                          • Program crash
                                                          PID:4924
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 876
                                                          9⤵
                                                          • Program crash
                                                          PID:5436
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 916
                                                          9⤵
                                                          • Program crash
                                                          PID:5924
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 964
                                                          9⤵
                                                          • Program crash
                                                          PID:5396
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1192
                                                          9⤵
                                                          • Program crash
                                                          PID:2524
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1392
                                                          9⤵
                                                          • Program crash
                                                          PID:1608
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1432
                                                          9⤵
                                                          • Program crash
                                                          PID:5052
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 1180
                                                        8⤵
                                                        • Program crash
                                                        PID:1716
                                                  • C:\Windows\SysWOW64\choice.exe
                                                    choice /d y /t 5
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5312
                                              • C:\Users\Admin\AppData\Local\Temp\1000157001\coreplugin.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000157001\coreplugin.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:3436
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\System32\cmd.exe" /k move Anytime Anytime.cmd & Anytime.cmd & exit
                                                  5⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2780
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4324
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "wrsa.exe opssvc.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5800
                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                    tasklist
                                                    6⤵
                                                    • Enumerates processes with tasklist
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:6004
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4388
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c md 297145
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5672
                                                  • C:\Windows\SysWOW64\findstr.exe
                                                    findstr /V "CorkBkConditionsMoon" Scary
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3408
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd /c copy /b ..\Dependence + ..\Nsw + ..\Developmental + ..\Shared + ..\Ranges + ..\Notify + ..\Pending + ..\Previously k
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5764
                                                  • C:\Users\Admin\AppData\Local\Temp\297145\Cultures.pif
                                                    Cultures.pif k
                                                    6⤵
                                                    • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:5128
                                                  • C:\Windows\SysWOW64\choice.exe
                                                    choice /d y /t 5
                                                    6⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:932
                                              • C:\Users\Admin\AppData\Local\Temp\1000162001\Indentif.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000162001\Indentif.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                PID:3604
                                              • C:\Users\Admin\AppData\Local\Temp\1000167001\crypted8888.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000167001\crypted8888.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetThreadContext
                                                • System Location Discovery: System Language Discovery
                                                PID:5284
                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                  5⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Checks processor information in registry
                                                  PID:496
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1324
                                                    6⤵
                                                    • Program crash
                                                    PID:3528
                                              • C:\Users\Admin\AppData\Local\Temp\1000169001\explorer.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000169001\explorer.exe"
                                                4⤵
                                                • Drops startup file
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • Suspicious behavior: AddClipboardFormatListener
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2536
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\1000169001\explorer.exe'
                                                  5⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4728
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe'
                                                  5⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:2008
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\explorer'
                                                  5⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3040
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer'
                                                  5⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:228
                                                • C:\Windows\System32\schtasks.exe
                                                  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\Admin\explorer"
                                                  5⤵
                                                  • Scheduled Task/Job: Scheduled Task
                                                  PID:5972
                                                • C:\Users\Admin\AppData\Local\Temp\1000177001\Mswgoudnv.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\1000177001\Mswgoudnv.exe"
                                                  5⤵
                                                  • Executes dropped EXE
                                                  • Drops file in Windows directory
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1660
                                              • C:\Users\Admin\AppData\Local\Temp\1000170001\LummaC22222.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000170001\LummaC22222.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:2068
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 1168
                                                  5⤵
                                                  • Program crash
                                                  PID:5276
                                              • C:\Users\Admin\AppData\Local\Temp\1000174001\5PHCENYBS068Y01.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000174001\5PHCENYBS068Y01.exe"
                                                4⤵
                                                • Executes dropped EXE
                                                PID:4856
                                                • C:\Users\Admin\AppData\Local\Temp\onefile_4856_133688157916339397\stub.exe
                                                  C:\Users\Admin\AppData\Local\Temp\1000174001\5PHCENYBS068Y01.exe
                                                  5⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  PID:5644
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c "ver"
                                                    6⤵
                                                      PID:440
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
                                                      6⤵
                                                        PID:1500
                                                        • C:\Windows\System32\Wbem\WMIC.exe
                                                          wmic path win32_VideoController get name
                                                          7⤵
                                                          • Detects videocard installed
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:4124
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
                                                        6⤵
                                                          PID:4592
                                                          • C:\Windows\System32\Wbem\WMIC.exe
                                                            wmic computersystem get Manufacturer
                                                            7⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:2972
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c "gdb --version"
                                                          6⤵
                                                            PID:3200
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /c "tasklist"
                                                            6⤵
                                                              PID:2164
                                                              • C:\Windows\system32\tasklist.exe
                                                                tasklist
                                                                7⤵
                                                                • Enumerates processes with tasklist
                                                                PID:3268
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
                                                              6⤵
                                                                PID:3936
                                                                • C:\Windows\System32\Wbem\WMIC.exe
                                                                  wmic path Win32_ComputerSystem get Manufacturer
                                                                  7⤵
                                                                    PID:1280
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                  6⤵
                                                                    PID:5876
                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                      wmic csproduct get uuid
                                                                      7⤵
                                                                        PID:1504
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c "tasklist"
                                                                      6⤵
                                                                        PID:4760
                                                                        • C:\Windows\system32\tasklist.exe
                                                                          tasklist
                                                                          7⤵
                                                                          • Enumerates processes with tasklist
                                                                          PID:6116
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\MonsterUpdateService\Monster.exe""
                                                                        6⤵
                                                                        • Hide Artifacts: Hidden Files and Directories
                                                                        PID:2508
                                                                        • C:\Windows\system32\attrib.exe
                                                                          attrib +h +s "C:\Users\Admin\AppData\Local\MonsterUpdateService\Monster.exe"
                                                                          7⤵
                                                                          • Views/modifies file attributes
                                                                          PID:4976
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
                                                                        6⤵
                                                                          PID:4848
                                                                          • C:\Windows\system32\mshta.exe
                                                                            mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
                                                                            7⤵
                                                                              PID:1632
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
                                                                            6⤵
                                                                              PID:2444
                                                                              • C:\Windows\system32\taskkill.exe
                                                                                taskkill /F /IM chrome.exe
                                                                                7⤵
                                                                                • Kills process with taskkill
                                                                                PID:5532
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                                                              6⤵
                                                                                PID:5216
                                                                                • C:\Windows\system32\tasklist.exe
                                                                                  tasklist /FO LIST
                                                                                  7⤵
                                                                                  • Enumerates processes with tasklist
                                                                                  PID:660
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                                                                                6⤵
                                                                                • Clipboard Data
                                                                                PID:5928
                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  powershell.exe Get-Clipboard
                                                                                  7⤵
                                                                                  • Clipboard Data
                                                                                  PID:4300
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /c "chcp"
                                                                                6⤵
                                                                                  PID:2396
                                                                                  • C:\Windows\system32\chcp.com
                                                                                    chcp
                                                                                    7⤵
                                                                                      PID:4132
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /c "chcp"
                                                                                    6⤵
                                                                                      PID:676
                                                                                      • C:\Windows\system32\chcp.com
                                                                                        chcp
                                                                                        7⤵
                                                                                          PID:4864
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                                                                                        6⤵
                                                                                        • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                        PID:1504
                                                                                        • C:\Windows\system32\netsh.exe
                                                                                          netsh wlan show profiles
                                                                                          7⤵
                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                          • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                          PID:336
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                                                                                        6⤵
                                                                                        • Network Service Discovery
                                                                                        PID:2212
                                                                                        • C:\Windows\system32\systeminfo.exe
                                                                                          systeminfo
                                                                                          7⤵
                                                                                          • Gathers system information
                                                                                          PID:2124
                                                                                        • C:\Windows\system32\HOSTNAME.EXE
                                                                                          hostname
                                                                                          7⤵
                                                                                            PID:4352
                                                                                          • C:\Windows\System32\Wbem\WMIC.exe
                                                                                            wmic logicaldisk get caption,description,providername
                                                                                            7⤵
                                                                                            • Collects information from the system
                                                                                            PID:4596
                                                                                          • C:\Windows\system32\net.exe
                                                                                            net user
                                                                                            7⤵
                                                                                              PID:5968
                                                                                              • C:\Windows\system32\net1.exe
                                                                                                C:\Windows\system32\net1 user
                                                                                                8⤵
                                                                                                  PID:2760
                                                                                              • C:\Windows\system32\query.exe
                                                                                                query user
                                                                                                7⤵
                                                                                                  PID:5924
                                                                                                  • C:\Windows\system32\quser.exe
                                                                                                    "C:\Windows\system32\quser.exe"
                                                                                                    8⤵
                                                                                                      PID:132
                                                                                                  • C:\Windows\system32\net.exe
                                                                                                    net localgroup
                                                                                                    7⤵
                                                                                                      PID:5396
                                                                                                      • C:\Windows\system32\net1.exe
                                                                                                        C:\Windows\system32\net1 localgroup
                                                                                                        8⤵
                                                                                                          PID:5984
                                                                                                      • C:\Windows\system32\net.exe
                                                                                                        net localgroup administrators
                                                                                                        7⤵
                                                                                                          PID:6004
                                                                                                          • C:\Windows\system32\net1.exe
                                                                                                            C:\Windows\system32\net1 localgroup administrators
                                                                                                            8⤵
                                                                                                              PID:2524
                                                                                                          • C:\Windows\system32\net.exe
                                                                                                            net user guest
                                                                                                            7⤵
                                                                                                              PID:4956
                                                                                                              • C:\Windows\system32\net1.exe
                                                                                                                C:\Windows\system32\net1 user guest
                                                                                                                8⤵
                                                                                                                  PID:5936
                                                                                                              • C:\Windows\system32\net.exe
                                                                                                                net user administrator
                                                                                                                7⤵
                                                                                                                  PID:704
                                                                                                                  • C:\Windows\system32\net1.exe
                                                                                                                    C:\Windows\system32\net1 user administrator
                                                                                                                    8⤵
                                                                                                                      PID:412
                                                                                                                  • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                    wmic startup get caption,command
                                                                                                                    7⤵
                                                                                                                      PID:5660
                                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                                      tasklist /svc
                                                                                                                      7⤵
                                                                                                                      • Enumerates processes with tasklist
                                                                                                                      PID:2508
                                                                                                                    • C:\Windows\system32\ipconfig.exe
                                                                                                                      ipconfig /all
                                                                                                                      7⤵
                                                                                                                      • Gathers network information
                                                                                                                      PID:2800
                                                                                                                    • C:\Windows\system32\ROUTE.EXE
                                                                                                                      route print
                                                                                                                      7⤵
                                                                                                                        PID:1204
                                                                                                                      • C:\Windows\system32\ARP.EXE
                                                                                                                        arp -a
                                                                                                                        7⤵
                                                                                                                        • Network Service Discovery
                                                                                                                        PID:4556
                                                                                                                      • C:\Windows\system32\NETSTAT.EXE
                                                                                                                        netstat -ano
                                                                                                                        7⤵
                                                                                                                        • System Network Connections Discovery
                                                                                                                        • Gathers network information
                                                                                                                        PID:2060
                                                                                                                      • C:\Windows\system32\sc.exe
                                                                                                                        sc query type= service state= all
                                                                                                                        7⤵
                                                                                                                        • Launches sc.exe
                                                                                                                        PID:2528
                                                                                                                      • C:\Windows\system32\netsh.exe
                                                                                                                        netsh firewall show state
                                                                                                                        7⤵
                                                                                                                        • Modifies Windows Firewall
                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                        PID:6000
                                                                                                                      • C:\Windows\system32\netsh.exe
                                                                                                                        netsh firewall show config
                                                                                                                        7⤵
                                                                                                                        • Modifies Windows Firewall
                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                        PID:1280
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                      6⤵
                                                                                                                        PID:2796
                                                                                                                        • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                          wmic csproduct get uuid
                                                                                                                          7⤵
                                                                                                                            PID:3912
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                          6⤵
                                                                                                                            PID:2432
                                                                                                                            • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                              wmic csproduct get uuid
                                                                                                                              7⤵
                                                                                                                                PID:2712
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\1000177001\Mswgoudnv.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\1000177001\Mswgoudnv.exe"
                                                                                                                          4⤵
                                                                                                                          • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Adds Run key to start application
                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:5000
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\1000179001\SеtuÑ€111.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\1000179001\Sеtuр111.exe"
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          • Checks processor information in registry
                                                                                                                          PID:3040
                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 976
                                                                                                                            5⤵
                                                                                                                            • Program crash
                                                                                                                            PID:672
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      cmd /c schtasks.exe /create /tn "Invitations" /tr "wscript //B 'C:\Users\Admin\AppData\Local\NeuraMind Innovations\MindLynx.js'" /sc minute /mo 5 /F
                                                                                                                      2⤵
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:2436
                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                        schtasks.exe /create /tn "Invitations" /tr "wscript //B 'C:\Users\Admin\AppData\Local\NeuraMind Innovations\MindLynx.js'" /sc minute /mo 5 /F
                                                                                                                        3⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Scheduled Task/Job: Scheduled Task
                                                                                                                        PID:336
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MindLynx.url" & echo URL="C:\Users\Admin\AppData\Local\NeuraMind Innovations\MindLynx.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MindLynx.url" & exit
                                                                                                                      2⤵
                                                                                                                      • Drops startup file
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:5840
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\297145\Cultures.pif
                                                                                                                      C:\Users\Admin\AppData\Local\Temp\297145\Cultures.pif
                                                                                                                      2⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:4744
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 1064
                                                                                                                        3⤵
                                                                                                                        • Program crash
                                                                                                                        PID:4068
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 1056
                                                                                                                        3⤵
                                                                                                                        • Program crash
                                                                                                                        PID:3148
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 1064
                                                                                                                        3⤵
                                                                                                                        • Program crash
                                                                                                                        PID:4984
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                    C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                    1⤵
                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                    • Checks BIOS information in registry
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Identifies Wine through registry keys
                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                    PID:5352
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:5224
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:5800
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:4788
                                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:1700
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                            1⤵
                                                                                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                            • Checks BIOS information in registry
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Identifies Wine through registry keys
                                                                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                            PID:5380
                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5084 -ip 5084
                                                                                                                            1⤵
                                                                                                                              PID:3592
                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4744 -ip 4744
                                                                                                                              1⤵
                                                                                                                                PID:5672
                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4744 -ip 4744
                                                                                                                                1⤵
                                                                                                                                  PID:5676
                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4744 -ip 4744
                                                                                                                                  1⤵
                                                                                                                                    PID:4132
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2068 -ip 2068
                                                                                                                                    1⤵
                                                                                                                                      PID:1204
                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5064 -ip 5064
                                                                                                                                      1⤵
                                                                                                                                        PID:2196
                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5064 -ip 5064
                                                                                                                                        1⤵
                                                                                                                                          PID:5916
                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5064 -ip 5064
                                                                                                                                          1⤵
                                                                                                                                            PID:5376
                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5064 -ip 5064
                                                                                                                                            1⤵
                                                                                                                                              PID:3308
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5064 -ip 5064
                                                                                                                                              1⤵
                                                                                                                                                PID:5860
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5064 -ip 5064
                                                                                                                                                1⤵
                                                                                                                                                  PID:4128
                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5064 -ip 5064
                                                                                                                                                  1⤵
                                                                                                                                                    PID:5672
                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5064 -ip 5064
                                                                                                                                                    1⤵
                                                                                                                                                      PID:1324
                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5064 -ip 5064
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4968
                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5064 -ip 5064
                                                                                                                                                        1⤵
                                                                                                                                                          PID:1068
                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 496 -ip 496
                                                                                                                                                          1⤵
                                                                                                                                                            PID:4784
                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3484 -ip 3484
                                                                                                                                                            1⤵
                                                                                                                                                              PID:4992
                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3484 -ip 3484
                                                                                                                                                              1⤵
                                                                                                                                                                PID:4900
                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3484 -ip 3484
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:776
                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3484 -ip 3484
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:700
                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3484 -ip 3484
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:5932
                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3484 -ip 3484
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:2732
                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3484 -ip 3484
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:1824
                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3484 -ip 3484
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:248
                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3484 -ip 3484
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:4220
                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3484 -ip 3484
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:3280
                                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3484 -ip 3484
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:1432
                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3484 -ip 3484
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:4160
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\fed0c9a4d3\Hkbsse.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\fed0c9a4d3\Hkbsse.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    PID:2508
                                                                                                                                                                                  • C:\Users\Admin\explorer
                                                                                                                                                                                    C:\Users\Admin\explorer
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    PID:4852
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • Identifies Wine through registry keys
                                                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                    PID:200
                                                                                                                                                                                  • C:\ProgramData\pjuf\gulmow.exe
                                                                                                                                                                                    C:\ProgramData\pjuf\gulmow.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                    PID:3004
                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3040 -ip 3040
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:1848

                                                                                                                                                                                    Network

                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                    Reconnaissance

                                                                                                                                                                                    Resource Development

                                                                                                                                                                                    Initial Access

                                                                                                                                                                                    Execution

                                                                                                                                                                                    Command and Scripting Interpreter

                                                                                                                                                                                    2
                                                                                                                                                                                    T1059

                                                                                                                                                                                    PowerShell

                                                                                                                                                                                    1
                                                                                                                                                                                    T1059.001

                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053

                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053.005

                                                                                                                                                                                    Persistence

                                                                                                                                                                                    Account Manipulation

                                                                                                                                                                                    1
                                                                                                                                                                                    T1098

                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                    1
                                                                                                                                                                                    T1547

                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                    1
                                                                                                                                                                                    T1547.001

                                                                                                                                                                                    Create or Modify System Process

                                                                                                                                                                                    1
                                                                                                                                                                                    T1543

                                                                                                                                                                                    Windows Service

                                                                                                                                                                                    1
                                                                                                                                                                                    T1543.003

                                                                                                                                                                                    Event Triggered Execution

                                                                                                                                                                                    1
                                                                                                                                                                                    T1546

                                                                                                                                                                                    Netsh Helper DLL

                                                                                                                                                                                    1
                                                                                                                                                                                    T1546.007

                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053

                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053.005

                                                                                                                                                                                    Privilege Escalation

                                                                                                                                                                                    Account Manipulation

                                                                                                                                                                                    1
                                                                                                                                                                                    T1098

                                                                                                                                                                                    Boot or Logon Autostart Execution

                                                                                                                                                                                    1
                                                                                                                                                                                    T1547

                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                    1
                                                                                                                                                                                    T1547.001

                                                                                                                                                                                    Create or Modify System Process

                                                                                                                                                                                    1
                                                                                                                                                                                    T1543

                                                                                                                                                                                    Windows Service

                                                                                                                                                                                    1
                                                                                                                                                                                    T1543.003

                                                                                                                                                                                    Event Triggered Execution

                                                                                                                                                                                    1
                                                                                                                                                                                    T1546

                                                                                                                                                                                    Netsh Helper DLL

                                                                                                                                                                                    1
                                                                                                                                                                                    T1546.007

                                                                                                                                                                                    Scheduled Task/Job

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053

                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                    1
                                                                                                                                                                                    T1053.005

                                                                                                                                                                                    Defense Evasion

                                                                                                                                                                                    Hide Artifacts

                                                                                                                                                                                    2
                                                                                                                                                                                    T1564

                                                                                                                                                                                    Hidden Files and Directories

                                                                                                                                                                                    2
                                                                                                                                                                                    T1564.001

                                                                                                                                                                                    Impair Defenses

                                                                                                                                                                                    1
                                                                                                                                                                                    T1562

                                                                                                                                                                                    Disable or Modify System Firewall

                                                                                                                                                                                    1
                                                                                                                                                                                    T1562.004

                                                                                                                                                                                    Modify Registry

                                                                                                                                                                                    2
                                                                                                                                                                                    T1112

                                                                                                                                                                                    Subvert Trust Controls

                                                                                                                                                                                    1
                                                                                                                                                                                    T1553

                                                                                                                                                                                    Install Root Certificate

                                                                                                                                                                                    1
                                                                                                                                                                                    T1553.004

                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                    2
                                                                                                                                                                                    T1497

                                                                                                                                                                                    Credential Access

                                                                                                                                                                                    Credentials from Password Stores

                                                                                                                                                                                    1
                                                                                                                                                                                    T1555

                                                                                                                                                                                    Credentials from Web Browsers

                                                                                                                                                                                    1
                                                                                                                                                                                    T1555.003

                                                                                                                                                                                    Unsecured Credentials

                                                                                                                                                                                    4
                                                                                                                                                                                    T1552

                                                                                                                                                                                    Credentials In Files

                                                                                                                                                                                    4
                                                                                                                                                                                    T1552.001

                                                                                                                                                                                    Discovery

                                                                                                                                                                                    Browser Information Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1217

                                                                                                                                                                                    Network Service Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1046

                                                                                                                                                                                    Permission Groups Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1069

                                                                                                                                                                                    Local Groups

                                                                                                                                                                                    1
                                                                                                                                                                                    T1069.001

                                                                                                                                                                                    Process Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1057

                                                                                                                                                                                    Query Registry

                                                                                                                                                                                    7
                                                                                                                                                                                    T1012

                                                                                                                                                                                    System Information Discovery

                                                                                                                                                                                    7
                                                                                                                                                                                    T1082

                                                                                                                                                                                    System Location Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1614

                                                                                                                                                                                    System Language Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1614.001

                                                                                                                                                                                    System Network Configuration Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1016

                                                                                                                                                                                    Wi-Fi Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1016.002

                                                                                                                                                                                    System Network Connections Discovery

                                                                                                                                                                                    1
                                                                                                                                                                                    T1049

                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                    2
                                                                                                                                                                                    T1497

                                                                                                                                                                                    Lateral Movement

                                                                                                                                                                                    Collection

                                                                                                                                                                                    Clipboard Data

                                                                                                                                                                                    1
                                                                                                                                                                                    T1115

                                                                                                                                                                                    Data from Local System

                                                                                                                                                                                    4
                                                                                                                                                                                    T1005

                                                                                                                                                                                    Command and Control

                                                                                                                                                                                    Web Service

                                                                                                                                                                                    1
                                                                                                                                                                                    T1102

                                                                                                                                                                                    Exfiltration

                                                                                                                                                                                    Impact

                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                    Downloads

                                                                                                                                                                                    • C:\ProgramData\mozglue.dll
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      593KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      c8fd9be83bc728cc04beffafc2907fe9

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\ProgramData\nss3.dll
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.0MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      1cc453cdf74f31e4d913ff9c10acdde2

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0e495001-2f8d-438f-9724-12cc8b52efb2.tmp
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      10KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      848e908b8a424a63e333ef6522ad3afc

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      88bdc2c6397d874aeecffd972017aa40040d84ca

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      72040e752189e7c7e1ff0983c91e8d742ac0e75375f37cefc8372219d438f597

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      dd90aaeddef25761b8faf7b420e4cbb22e911214bbb6281932d08ebc0bfd7d53873e340ab0fea510c240c11bf7275fd042ff1d9bd5620609cc5c33a3b8caab9f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      152B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      f74f80cd052dc4903da98dd6916f375d

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      3e3512884ee41291824b30b256670b3d0a1c8d40

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      152B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      c32b6fc873c040253034fe4bf5037bd0

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      fc58579eb5bf46c8d5246a45abae3566898c2e27

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      44KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      e669d063e57e65d1f3338b0e451964bd

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      ee3049106b9dfb5080b61c457fc9296a326f664b

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      60f5892976a05ea00ecf849103ba93cdf61dfafb7dbe4a69ea1af663acd12655

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      2cf54c33218043ac20cd4edf72b6c30fed0891b7a898afe285424195eac0100ad4db68363f7049c845ce2b3c962ce682fc26cf3a1f327853443e71a785d27720

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      264KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      92272706acf973c7d14ddbbf30b5efcb

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      53e552f5b92bf790ecc12d089a8c5fe30643f6e9

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      7702a69b25ddfe1d36b15d6eb66a9dffd4c6d16199f78ba770f027b431aba5e4

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      1188733830de3b2628c10ad3c33e391f9745eaec854dbe08c3119c4156cad61a789f89a2574a345ed616b60fc3f2cc41b9d22db0d3455d2d0382b3b60d53711d

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.0MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      7951c5e3a8711dad15026683e30e15a3

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      ab91c0d965446200397b40e8bcf47ef9d91fb4bd

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      2b575c8c74500299784bc46d6b905ca599b7e5d57bf55a9c6033ca8f02f889f8

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      98a02986dab0c1d39c0b6bd42f8e5a12f7912e7f61fe08d12bfe4aa8924b83b675699afd42e3e890abfa4abe4b970f39105b63f1e66f4efde3eb84ecddce1e9b

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.0MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      980b13bbdaf872855edb63a2b275c32f

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      56d57ea472e3a3880c1536a4bd1721f00a2a6309

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      35c0aa461d3b08142d6671a03541ca74528356f13a1c3bca1a9167fff5f8d349

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      75de8768b9dbbfb9481d31d2c090e3baf0f9c92ee7407dabd538e1bd3c588d897849b0634b7f7510368b6ef5b42effc4ee2df405087b8ebbf99002e885e5c7e9

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      224B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      1317b793c35cc3bf9ddcfbe505dbb0c2

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      10f74510716799db8975049bcc8784eade10cc55

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      654c3b46b73e7276de4e2286e0e299516f542ead05ffadeb64c9b10eda4c1dc0

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      52fbd9e76c0748b1494d19a3dd37f102b09ab35d9cd41784d26c3d8a36dee97b236df82d7d161cd3f7677b0c49c673f53b3ca0d952bacdba68787d05fd3adf6b

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d335256af9ebbc5_0
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      243B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      57c2fc5a7f8df0e08a8392c897be6b5a

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      d3f11435e822e786ee31d82bc63f3065c125aada

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      74ce345f064c634a22b1f8161008f7481b603117cea9bab01afe1b4acca881d8

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      7046bdc5110b6e090bb0da1503df12bd7e1cb7e1ba3583fdcbc24eeff8e71962145a7287854e1af3a13afd85a65fa13c9c00baa959620c9fe4eab91bdec719ac

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      221B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      46154ee8003109c2562ea944f56b17b9

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e1cd4ef3672b56e78097dc84359078db94f2d23c

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      978d36da7538f7684a42537317177c989779cc103f25848e2f1a4ef272bc04fe

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      613761b50bc331d176b42b7df007e35b2b1ad602cdb351a32941d9996b28e4137e22ed0ccac795d5f840e006d3d414188c93636c883560dd6b40772cfdd6cabb

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      264B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      0184b1cb8c9b6eefb426be0f5386f701

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      8828f34924d07e3f4f53dbfde8e85e76d247e2ae

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      f538106f8bb3421c928c090bba705984c68bc2969265928fcc3e543926fd2ab1

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      bc1d4c4949f2cc8921d7446c337cefec81e2d075069394139e66ca0ea196778323f6b60c6b15e4d562e70ab2172855cc81327896883975da48c81c470b99f7a9

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe590517.TMP
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      168B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      7bf7559c67bfad497c38ba020862b85b

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      cd1c6bd858d4a34b2c0f10424d5eacd4562c8727

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      408a2da676d2eb614bd33762e40772d0f37402294bb717df8bb927caf0448de6

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      d860e29b2f4c005f5abf83010bb997ba1af249cdcab71c16516e62e4aa4e71500fd8dd4d57f1f324c1d38484294a11486cbd085aebf4c0f856763783044bde5f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      14KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      14f338279b907330fea4b13abed8fa96

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      95f4b8034eb02413890a0bda366d93df17fb36e6

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      fab71a01c4b36e7b9677b68d6e54df0147704810b5a16d9bf742d2b49839ebd6

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      981caa65c314c786bbd191d323bf8a473688c6f297106b84a67eb1a65047a0c0b05447a359436bd1f6e0a3794d6647a2bd3aa6f7a5a762a8c6f1aae73e298918

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      28KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      e37cbb4cf02e52e7c832fefb02ce3acd

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      c658d3f12a573c1b9128a43b72092cd8fa31b829

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      d96017e289af03c6ded5c68a13ef1eb6e7dc0988c2235dae8d7231c08b3875a9

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      a52155c113c585ed844c870d250392c3f3538990dd6c0b7006e8360bce59c5115af1d00de2239621c9c05a5db599e4accf19d12a576f4e4741587c0b7a108ae0

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      331B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      63b815db644559adceee36927d07f19e

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      22b017bd12ead4adaf31c6b7603215eb4aa1d079

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      e54275d42ac4a65788b295068057777dbf0cdb560857051bd36bc6738614ad93

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      d6c95bf7be95ce0edc12f0e38d5ffb7f8a871fd55a9e8bf745be34de56e7136ec522f99deaf78bbce9c4059476d79c3393be613964f1b7fc00613b6125dc986d

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      5KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      ab22b6ac060754e12b565fd6f1f639d8

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      eff9b8dd449cb5fa76f06a0d977fef4d098c169d

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      322c81aeca39f3ac0d21dc5e0a4451f275e5f1095b44574bc95b5ce6885a6892

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      5d1684c5e7668381315f83ce0cae8f88fdd0dbc5c6adbea0e54e8ec48b4d06111e6f7503b6f28378c6bccc09e5c06a43b4137e6ca1920d074b520323109a7c2c

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      5KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      106b73fa6c8bfda615e2715f7b32f2e3

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      66955ae4fee64ad4715be694b8f6d241a3d62988

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      26f706e4ac9fab2f0c3955c38412bfabae396860d7b4c2a0874b1cc2d2ab1f3f

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      84c48c57bb48a2c5fddfacd6190e5a4f6a4c65071c9679f54c0fb545a19ca76d18c5ea53eec7d23fcb5f30c602bf9fe37776bd17c257c4e9245a3b9ef3313bcf

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      5KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      8a91b0e7569ae0e4bd1586b9a52c9f15

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      7b2fbcf42a6122ded411860027360026a01161a5

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      fa805e08508fdd43f4afe5871a65326c04d43daa63b675a44c6ab17bbb741273

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      a25341888dac5c9ad0882c54f7fcbf66ea4a75bc5a2fe13ec1bcc543a53c30a80e8b1c1f7a159377bbd63c08493b924b312b20d4c6df74424bd522c56448e6c8

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      25KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      5c3d7765ba43bd1edee4b831682a4b15

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      85b74a85860b724221380ac36104c4cee5ed4b38

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13368815735961835
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      a026c807cbe6ba5da612cd85a367d439

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      b8800b089d3ae09207fa033ea8032557b71cc684

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      478567892ae2a67dc01fea6e907fc183501f113a835d5b4d887bae4814975f0e

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      31192c04dd8deecbab8b0b3018e72afb2016866cce8da33b464ec2fbd1d93cb69c7238ec559ac779b1cd093a963f21b4ab594cee1245cf617a77e71b5df7ac11

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368815736135835
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      717B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      c7e645d591cd792020883e8feefc04b9

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e17ffc621f708928b87fb5e0681c83becf8941ae

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      58f75b2f8af589e2bc1cd53b7ba4ae43e930314b17a4c7827baea58ed82acc34

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      029074be5ebbd0a93ea951105d0f786015a6aa123b5bc66b8c56034541cdcaa5bb64f635659048747903e45d94817cc826a7601166af04ac6ed47c2df19ae831

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      347B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      9023253038adf74ceadfe1ab71bf9ca9

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      60a3e576c99e010e5adba78834f1edf4a9740e51

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      b984b7848337523b0aa9b73da28f13f4135c26647b162b6831fefbbc7a7262c2

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      2c7834e3f337a6a0e2fc756ac072dda5f5823fd5afe0dbab8b01df3d6035a56ec839ec0b59443ae9556226f0553af95c996967ce351a759f0d69b58db994eb17

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      323B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      d19b5706dc4db78527e7a705152bc640

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      f842a8993d9c74d3a1f0852cb39b4cacbaef4ea8

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      a321907fb9298a88c23ade71c1220d2e1c6c28c75ebee849f023b0a38b7809ed

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      3e38da792c2922461923930c391a41da1891ef9214d93694829ac3fcb03e654e326a3008a910d868a01e8a15421e7431d0b0cbf3b2ea0c65f458edaf727bd0d2

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      128KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      0253c475c77973af6c92ede8497c11a0

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e492a89a3e18511222eafd67ca6eea0dcedb2871

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      74c07a8cf93284e06ad575a7374500b239f88d79851089404d6943afd789d66f

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      923bdff6ff6aade045c06df0ce451c09e84576b6d8ba16fe2fc9d515ff10f065a2f0340d82fe528fed49ffee62222f036c8247be7c6a26a345cd09d934e9f619

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      16B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      16B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      16B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      96KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      5de1dd8d21af6695dc0eec4c9e2e41b4

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      a0072df1179f9ea5b12a8b413dd488d93afef24d

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      0434035d3f49e19183fe3e9a4d670f4fcde25861de0bf41b13956f0503e785e1

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      87448d42a2c46569a1165cc97bf151709a011604a2b03741f0537c95e514c462ac6676819a3c03a62f1cb16db23a13720896c2b4f8d7bc0a1d37472aef45eee1

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      19B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      0407b455f23e3655661ba46a574cfca4

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      855cb7cc8eac30458b4207614d046cb09ee3a591

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      322B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      ed676496cb314a9797f51fcf8c92bd42

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e19cd153b2c8abfd6b214588ec3784cb2c35542d

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      e5ca321e1fd648cc5e225506a17a11f5505fc6b79a1699c5f00c123b1d287a02

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      1f5352f545b203335735ceb61c4e451b623aeb88d5ba3fd876a7edf3d3c92fd0f46c39354f63cdd5dffebd7ad9315860f28af87f581d8ca75440f94f948e8289

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      318B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      ccb671a16c98b3b166a2b9eac10b30f8

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      a888cd976ec07fa31ac028bf81272f16f7846411

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      32ada2fe18d53731572d1a93674a40ab42df4705120b77db8f6773aca879167d

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      31c7752179cc0ea895b085d78676a8a3566aa94078ea054a19473dd583fc2f34bf9ad5aa7e2a6bcba4afc7830a15cc69abec9f9c211eb411aecc6c3304bbad17

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      340B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      eb4ce58a934197883a81950c83dd70da

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      d165a6fd0e373c9962c96f168c93afe74204f6b4

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      e71f79ec30c36b6f426e708575c9a1bd7734a0c6fcc72384abeb5f88f9fead2f

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      889277fee13b27715ea88dc0130ebaa2b6273b15a97f753f1a2aa76ef65d0484aceea4cae1393d65eccd02c446561bc16137c84dd1a3b25d1b452e992f5deb9e

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      44KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      8bd51feb84813c72e8d5163ad36c0d39

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      c97714f3195d41328beaf9ff8f2913fd3c54990d

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      0efd3c908263a84ae83a0a8204b19c757c1865e0c6a8b57f4e033d4ffa973693

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      ee4658a89c523d19084bd0326b6c0ff538e3755a86ba69e910bf04923b182f31212a66808c52fafcbe77e530301d7ac7783495c24631a27c03c2f3e17c92d81a

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      264KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      782c2a52f373b1b45b2ba95f101e6401

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      ee4aa26af7784bf7e79f703b3bee55ed1089c723

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      39d684267fd8d3c6a3c10cb84dd8002946eea617652e67cd727ff33a976e8e0c

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      1b08cecf98e4b80136e907ba75c777e12bdddd5f7b9038f4057e7d30bc30d4ce35a1976b1f4f34f6a0ab67bf229f90d0d7b6ffbb91d34277b0fb8b4fec4e121f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.0MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      70e8179f1ce31753c48c1a0494d0cd43

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      c7d0d44996c7778fca90d5e05ce71e17992cfa8a

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      3cfb73d94d2cc84b59659d945fd1e5fc4f7bfb3a46b958255ea1a90a6130a595

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      8336577c3e5c685ee72519499edf094a6ac78ced00b8c26d6299828d6016d699d69fbd8efc218bbba367938c69f591dd35b41303475e2a53bfc39571431cc331

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      11B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      b29bcf9cd0e55f93000b4bb265a9810b

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000002001\GOLD.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      323KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      d6fca3cd57293390ccf9d2bc83662dda

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      94496d01aa91e981846299eeac5631ab8b8c4a93

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      74e0bf30c9107fa716920c878521037db3ca4eeda5c14d745a2459eb14d1190e

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      3990a61000c7dad33e75ce1ca670f5a7b66c0ce1215997dccfca5d4163fedfc7b736bca01c2f1064b0c780eccb039dd0de6be001c87399c1d69da0f456db2a8e

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      8e74497aff3b9d2ddb7e7f819dfc69ba

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      1d18154c206083ead2d30995ce2847cbeb6cdbc1

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      d8e81d9e336ef37a37cae212e72b6f4ef915db4b0f2a8df73eb584bd25f21e66

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      9aacc5c130290a72f1087daa9e79984565ccab6dbcad5114bfed0919812b9ba5f8dee9c37d230eeca4df3cca47ba0b355fbf49353e53f10f0ebc266e93f49f97

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000064001\kitty.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      319KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      0ec1f7cc17b6402cd2df150e0e5e92ca

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      8405b9bf28accb6f1907fbe28d2536da4fba9fc9

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      4c5ca5701285337a96298ebf994f8ba013d290c63afa65b5c2b05771fbbb9ed4

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      7caa2416bc7878493b62a184ddc844d201a9ab5282abfa77a616316af39ff65309e37bb566b3e29d9e764e08f4eda43a06464acaf9962f911b33e6dbc60c1861

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      187KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      e78239a5b0223499bed12a752b893cad

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      a429b46db791f433180ae4993ebb656d2f9393a4

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      80befdb25413d68adbadd8f236a2e8c71b261d8befc04c99749e778b07bcde89

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      cee5d5d4d32e5575852a412f6b3e17f8c0cbafe97fd92c7024934234a23c240dcc1f7a0452e2e5da949dec09dcfeb006e73862c5bbc549a2ab1cfb0241eaddfc

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000129001\clcs.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      7.9MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      d23710b05767ac5d4e1d4754f468599e

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      6fbe21034afe7850a1e608ea67460c25aebb4232

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      b78c67f56b7af5533a502fef2ed9b0ce4c9d507214a74f7d0501611941197b75

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      e021881e5050b14ab78bcaa686d180b88ac620876cd45525b7648b04a8b672010832a3e8f40221c1e6420b9f6ceda1918a2cc04eb56db9dde39aae3c63dc8a37

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000135001\14082024.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      9bba979bb2972a3214a399054242109b

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      60adcedb0f347580fb2c1faadb92345c602c54e9

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      17b71b1895978b7aaf5a0184948e33ac3d70ce979030d5a9a195a1c256f6b368

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      89285f67c4c40365f4028bc18dd658ad40b68ff3bcf15f2547fc8f9d9c3d8021e2950de8565e03451b9b4ebace7ed557df24732af632fdb74cbd9eb02cf08788

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000142101\build2.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      481KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      f9a4f6684d1bf48406a42921aebc1596

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      c9186ff53de4724ede20c6485136b4b2072bb6a6

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      e0a051f93d4c1e81cc142181d14249e246be4c169645d667267134b664e75042

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      67294a47dfef6aba404939497c403f93318841e9c5ee28b706f7506b5dff2630381e28e86f6dcbfdff2427092a515db1dc0a04e334e7f8de8b0b682269ff88fd

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000147001\BattleGermany.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      8.3MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      b7df5fdcfdc3f46b0b4f28c1ffb82937

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      3209511839cd917318c754e0105c1d0cf298f25b

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      7636d2367079eabd9da2bb40935df3da580affc47473fd93ed3b2e01ee6c46e5

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      8a65c4e2b0755323293736fc01eb445071e04f7e2c345d2838bf7a89887f40c6e3b81df4bb35807d9a47ffa322b42383194baec45fd9b3f1e31cbcb6a72e819f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000150001\runtime.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      7adfc6a2e7a5daa59d291b6e434a59f3

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e21ef8be7b78912bed36121404270e5597a3fe25

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      fbb957b3e36ba1dda0b65986117fd8555041d747810a100b47da4a90a1dfd693

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      30f56bd75fe83e8fb60a816c1a0322bc686863d7ab17a763fff977a88f5582c356b4fcfe7c0c9e3e5925bfee7fc44e4ea8b96f82a011ed5e7cd236253187181b

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000157001\coreplugin.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      9954f7ed32d9a20cda8545c526036143

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      8d74385b24155fce660ab0ad076d070f8611024a

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      a221b40667002cd19eece4e45e5dbb6f3c3dc1890870cf28ebcca0e4850102f5

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      76ca2c0edc3ffdc0c357f7f43abc17b130618096fa9db41795272c5c6ad9829046194d3657ad41f4afec5a0b2e5ed9750a31e545e36a2fb19e6c50101ab2cabd

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000162001\Indentif.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      7.4MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      e14e1aa11625c06cafce8fdab8e9875d

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      12e19904b45ad20df2d57ce0305a3469eda28f28

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      d52015fab106cf0c3b2b290f5234e15d966a9adc779c20268789e24f715f9e84

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      b37dab49c8fa9ca39ace81374a1bdcdac44240b28936734cbe1a3a9ca8069e482b8f3be48594485c20ed883c1b2f214dc3824fad6cb1c19cbbdd303e61cd720d

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000167001\crypted8888.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      208KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      031836b5b4c2fc0ba30f29e8a936b24e

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      adc7e7ec27f548afd50fac684c009cfe5c2e0090

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      bf4f27f6932ce75b1746f5364af3abacbdafa59913da513a168d86ea0ad3a3a4

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      ac58ed6b9a3ce4c35366e99e72e4ee1c87048a11979c91f69740d49b3c1f4f4dc3cbaa66287c73530806b8359933e7b6df0bbab01bc3dd4f351988a6a3cd3b6d

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000169001\explorer.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      87KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      7bc9e427746a95ed037db5e0b3230780

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      e5fb0551239eb8edf5b117b04a86742c7780355c

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      3d8b1b6802f265ff8eb229c38ff81824f3652f271eb97b7bfef86db369902a08

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      ae6e823d72a1a976401726ba3dfb61919bf529719fc555c680a99b3a58c15c982b9a8024d4ca2dab933acd1cc22c1f66bc0d46e7d0e7422825dad9c77852808b

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000170001\LummaC22222.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      258KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      40e9f5e6b35423ed5af9a791fc6b8740

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      75d24d3d05a855bb347f4e3a94eae4c38981aca9

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      7fdd7da7975da141ab5a48b856d24fba2ff35f52ad071119f6a83548494ba816

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      c2150dfb166653a2627aba466a6d98c0f426232542afc6a3c6fb5ebb04b114901233f51d57ea59dbef988d038d4103a637d9a51015104213b0be0fe09c96aea8

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000174001\5PHCENYBS068Y01.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      10.5MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      7fffe8702479239234bce6013bcad409

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      ee7aaecaeff869350ead69c907b77d5b0afd3f09

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      7870eda6f78bde1ea7c083ddf32a9aabd118b30f6b8617f4b9e6625edba0ff95

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      8d5932d1fa8006c73e8576383425151439b4bf4637017f104a6c4e5cf202ce1c4a1dbec6d61adb794fd8a30c1300d6635d162df8630f9193c96239ec8b2a6869

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000177001\Mswgoudnv.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      924KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      de64bb0f39113e48a8499d3401461cf8

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      8d78c2d4701e4596e87e3f09adde214a2a2033e8

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000179001\SеtuÑ€111.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      6.4MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      9436c63eb99d4933ec7ffd0661639cbe

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      12da487e8e0a42a1a40ed00ee8708e8c6eed1800

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      3a79351bd8099a518ecb4258aacecc84f7ed44cf67426b482b7583ce20c17e4e

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      59bc369bf7d96865be7e2f0b148e8216804c7f85d59958e7cc142770b44a84a266db8aec05b28bed483828f84abd81a21b3d40cdda230c1a534f6b380a387c44

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\40365\Beijing.pif
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      872KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      c56b5f0201a3b3de53e561fe76912bfd

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      2a4062e10a5de813f5688221dbeb3f3ff33eb417

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\422869363368
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      82KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      89b56d8bcb6ae96fbd053e6b2b15c55e

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      bfc8b027653423828f023021cf33597acc9b9598

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      6f271f737e7e3078066c0ee7b9e71a1d05aa809fe8a88aab5e1ade1c68ee6b02

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      0037d54c85a7dda1e37c50023707d5061f0bf657443be29acb9eb8eb6bb6302c64ccfd83427aa11b19f07b0e02c004686e8131e4aaab1a59e434d0438d0bf7af

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.8MB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      bc84ed6e5a8ae05b5d5616de16628c03

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      16f768b807acb9a9b047d37d5602f9fd4263c3e9

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      5a9c136d300c0315acd9ef384cbb745cbe25666b0fd1e32ed6671a9da3d4248c

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      f3b85266e5085ea74415e3346b0eb569335c70b32c366a9a1ad87fe04f96b178a5736e8ceda4e8bb43129321a429d588cfff0332316b5e3c38c332e6a909e1f8

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\TmpCBFB.tmp
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      1420d30f964eac2c85b2ccfe968eebce

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      bdf9a6876578a3e38079c4f8cf5d6c79687ad750

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Web.db
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      112KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      87210e9e528a4ddb09c6b671937c79c6

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      3c75314714619f5b55e25769e0985d497f0062f2

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Web.db
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      114KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      0314b66f9eb938be8129e7b72a6dfe4d

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      f524526636d7e3df1c2d6fc4d3a530ec2b40f5a6

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      96f64dc6baf4363b64cf944be7e45a0400e535951510200007a4bdd68d1788d8

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      ce7622f34a755687816868f1d26c069cefc69b2a630f333d3c49203e4aa285a312e693c4875f8ce709778ffb2e7f9376269f795063f665f18efaf7550e956194

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uwdbyt5s.akv.ps1
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      60B

                                                                                                                                                                                      MD5

                                                                                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-242286936-336880687-2152680090-1000\76b53b3ec448f7ccdda2063b15d2bfc3_c9038f8c-1e1b-4144-a72a-756d47bbff27
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      f427134ab9274cdb9b619eb83d9865eb

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      bfa1b4a762179db7188ddf742a221fc9111c8cda

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      536b1c3cb545c5451c00ba2ab356835e186d589ea98683a15d3cb27f84ddcc2e

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      ad3aa7e269844798322b00b0b5a53fcfe0871de0550a94076a3f671bc2d0c11a9e29f83f208172e5435c3e4549b41a88ccd19f1bc6ec484f3b77a727bf6e24c7

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\hWU2wISwhK.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      544KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      88367533c12315805c059e688e7cdfe9

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      64a107adcbac381c10bd9c5271c2087b7aa369ec

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      c6fc5c06ad442526a787989bae6ce0d32a2b15a12a41f78baca336b6560997a9

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      7a8c3d767d19395ce9ffef964b0347a148e517982afcf2fc5e45b4c524fd44ec20857f6be722f57ff57722b952ef7b88f6249339551949b9e89cf60260f0a714

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\o6jBypKfsf.exe
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      30f46f4476cdc27691c7fdad1c255037

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      b53415af5d01f8500881c06867a49a5825172e36

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      3a8f5f6951dad3ba415b23b35422d3c93f865146da3ccf7849b75806e0b67ce0

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      271aadb524e94ed1019656868a133c9e490cc6f8e4608c8a41c29eff7c12de972895a01f171e8f625d07994ff3b723bb308d362266f96cb20dff82689454c78f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\Desktop\Microsoft Edge.lnk
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      c89ec7eef153b59970834ff9b01111a1

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      5815648d12fa55ca217b9316fb2c203c643e6f92

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      dfc259232d988d01c13df91321216dafde34b5c6fde2aa392e89d4eeeee77a51

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      15e52b563e611fee3ea8085004e7c908bf4c9fd1207d964dc7aac26239bc9231ab23edbda59e382ffe02529d405b09ff01a468903c726bf98c8392bd8b5633c1

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Admin\Desktop\Microsoft Edge.lnk
                                                                                                                                                                                      MD5

                                                                                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • C:\Users\Public\Desktop\Google Chrome.lnk
                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2KB

                                                                                                                                                                                      MD5

                                                                                                                                                                                      aa36b9219256e4e064d57fa978ef6706

                                                                                                                                                                                      SHA1

                                                                                                                                                                                      31251aeecebc5db81e93ebaccf44dacb56286881

                                                                                                                                                                                      SHA256

                                                                                                                                                                                      9142bd5c6e74c5e668325b443df2e3709309fb81a317ebc8743b76a7c7abcdf8

                                                                                                                                                                                      SHA512

                                                                                                                                                                                      c5d09d03c7d551ae9cb878b6b4851b7e6c126eaf66698409384b46adaf3fbd74cae12e37c8cc9c5ae8d0e8f55d7bcd019b791dd7bcd5293de2a35af2cbd6691f

                                                                                                                                                                                      Download Submit

                                                                                                                                                                                    • memory/200-2729-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/200-2087-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/496-679-0x0000000000400000-0x0000000000643000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.3MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/496-678-0x0000000000400000-0x0000000000643000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.3MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-149-0x0000000006870000-0x00000000068C0000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      320KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-64-0x00000000061D0000-0x00000000061EE000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      120KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-46-0x0000000005400000-0x00000000059A6000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      5.6MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-70-0x0000000006AF0000-0x0000000006B2C000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      240KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-69-0x0000000006A90000-0x0000000006AA2000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      72KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-68-0x0000000008320000-0x000000000842A000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.0MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-47-0x0000000004EF0000-0x0000000004F82000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      584KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-48-0x0000000004F90000-0x0000000004F9A000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      40KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-44-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      328KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-67-0x0000000006B60000-0x0000000007178000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      6.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-63-0x0000000005A30000-0x0000000005AA6000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      472KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1388-71-0x0000000008430000-0x000000000847C000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1864-615-0x0000000006960000-0x00000000069AC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/1864-598-0x0000000000B40000-0x0000000000B92000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      328KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2128-245-0x0000000000620000-0x0000000000863000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.3MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2128-175-0x0000000000620000-0x0000000000863000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.3MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2128-178-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      972KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-153-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-21-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-350-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-246-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-294-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-91-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-620-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-22-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-442-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-597-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-20-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-19-0x0000000000D91000-0x0000000000DBF000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      184KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-143-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-18-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-536-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-223-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-152-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2160-159-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2516-280-0x0000000000B70000-0x0000000000BC2000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      328KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2516-300-0x0000000006D50000-0x0000000006D9C000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2536-712-0x0000000000FA0000-0x0000000000FBC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      112KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2536-2042-0x000000001DB40000-0x000000001DE90000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      3.3MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2784-95-0x0000000000400000-0x000000000050D000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2784-118-0x0000000000400000-0x000000000050D000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2784-93-0x0000000000400000-0x000000000050D000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2784-98-0x0000000000400000-0x000000000050D000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2784-97-0x0000000000400000-0x000000000050D000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2820-90-0x00000000009F0000-0x0000000000B02000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.1MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-623-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-657-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-626-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-624-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-744-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-738-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-625-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-695-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-689-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-621-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/2896-622-0x0000000003C10000-0x0000000003C7F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      444KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-3-0x0000000000BE0000-0x0000000001096000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-2-0x0000000000BE1000-0x0000000000C0F000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      184KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-16-0x0000000000BE0000-0x0000000001096000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-1-0x0000000077E06000-0x0000000077E08000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      8KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-4-0x0000000000BE0000-0x0000000001096000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3020-0-0x0000000000BE0000-0x0000000001096000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3080-42-0x0000000000970000-0x00000000009C4000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      336KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3080-41-0x00000000737CE000-0x00000000737CF000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-651-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-654-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-653-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-652-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-655-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-656-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-643-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-771-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-650-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/3604-649-0x0000000140000000-0x0000000140278000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      2.5MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/4728-757-0x000001E6E04D0000-0x000001E6E04F2000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      136KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/4744-713-0x0000000000590000-0x00000000005DC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/4744-714-0x0000000000590000-0x00000000005DC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/4744-619-0x0000000000590000-0x00000000005DC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-878-0x0000000004C80000-0x0000000004D5E000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      888KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-876-0x0000000000140000-0x000000000022E000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      952KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-2077-0x00000000050A0000-0x00000000050F4000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      336KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-877-0x0000000004B30000-0x0000000004C0C000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      880KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-1960-0x0000000004E30000-0x0000000004E7C000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      304KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5000-1959-0x0000000004DD0000-0x0000000004E28000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      352KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5284-676-0x0000000000F90000-0x0000000000FC8000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      224KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5352-177-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5380-595-0x0000000000D90000-0x0000000001246000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      4.7MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/5936-121-0x0000000000840000-0x0000000000892000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      328KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/6140-146-0x0000000007F60000-0x0000000007FC6000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      408KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/6140-150-0x00000000096D0000-0x0000000009892000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      1.8MB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/6140-123-0x0000000000010000-0x000000000009E000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      568KB

                                                                                                                                                                                      Download

                                                                                                                                                                                    • memory/6140-151-0x0000000009DD0000-0x000000000A2FC000-memory.dmp

                                                                                                                                                                                      Filesize

                                                                                                                                                                                      5.2MB

                                                                                                                                                                                      Download