Analysis

  • max time kernel
    302s
  • max time network
    303s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20-12-2024 23:04

General

  • Target

    XenoUI.exe

  • Size

    140KB

  • MD5

    f0d6a8ef8299c5f15732a011d90b0be1

  • SHA1

    5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf

  • SHA256

    326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b

  • SHA512

    5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27

  • SSDEEP

    3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    6

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

  • Meduza Stealer payload 4 IoCs
  • Meduza family
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 13 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 58 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XenoUI.exe
    "C:\Users\Admin\AppData\Local\Temp\XenoUI.exe"
    1⤵
      PID:4916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffb1a4acc40,0x7ffb1a4acc4c,0x7ffb1a4acc58
        2⤵
          PID:1476
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
          2⤵
            PID:4432
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
            2⤵
              PID:3260
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
              2⤵
                PID:2012
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
                2⤵
                  PID:1996
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
                  2⤵
                    PID:4084
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
                    2⤵
                      PID:3780
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
                      2⤵
                        PID:3248
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
                        2⤵
                          PID:2708
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
                          2⤵
                            PID:400
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
                            2⤵
                              PID:804
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
                              2⤵
                                PID:1684
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
                                2⤵
                                  PID:1092
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4880,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:2
                                  2⤵
                                    PID:2192
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4452,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
                                    2⤵
                                      PID:3048
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4664,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
                                      2⤵
                                        PID:2180
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4028,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:1
                                        2⤵
                                          PID:512
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4660,i,2088128800257931051,8156281086855801159,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1
                                          2⤵
                                            PID:1364
                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                          1⤵
                                            PID:2024
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                            1⤵
                                              PID:2908
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                              1⤵
                                              • Enumerates system info in registry
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:2916
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb1a3646f8,0x7ffb1a364708,0x7ffb1a364718
                                                2⤵
                                                  PID:4628
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
                                                  2⤵
                                                    PID:3604
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3040
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
                                                    2⤵
                                                      PID:2560
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                                      2⤵
                                                        PID:2296
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                                                        2⤵
                                                          PID:3540
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                                                          2⤵
                                                            PID:4612
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                                                            2⤵
                                                              PID:912
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
                                                              2⤵
                                                                PID:3080
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                                                                2⤵
                                                                  PID:2460
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                                                                  2⤵
                                                                    PID:3464
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                                                                    2⤵
                                                                      PID:3480
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:1656
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                                                                      2⤵
                                                                        PID:216
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                                                        2⤵
                                                                          PID:4024
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
                                                                          2⤵
                                                                            PID:1012
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                                                                            2⤵
                                                                              PID:4676
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                                                                              2⤵
                                                                                PID:4684
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                                                                2⤵
                                                                                  PID:3236
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5656 /prefetch:8
                                                                                  2⤵
                                                                                    PID:3212
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4772
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,4213922593791702929,2427379914403242471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
                                                                                      2⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:4136
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:4780
                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                      1⤵
                                                                                        PID:4808
                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                        1⤵
                                                                                          PID:1012
                                                                                        • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                          "C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
                                                                                          1⤵
                                                                                          • Suspicious use of SetThreadContext
                                                                                          PID:744
                                                                                          • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            2⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2976
                                                                                        • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                          "C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
                                                                                          1⤵
                                                                                          • Suspicious use of SetThreadContext
                                                                                          PID:2608
                                                                                          • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            2⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1912
                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                          1⤵
                                                                                          • Modifies registry class
                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:3424
                                                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Setup5.0\setup7.0\V7.0\040c.ui.strings
                                                                                            2⤵
                                                                                            • Opens file in notepad (likely ransom note)
                                                                                            PID:3052
                                                                                        • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                          "C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
                                                                                          1⤵
                                                                                          • Suspicious use of SetThreadContext
                                                                                          PID:3452
                                                                                          • C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
                                                                                            2⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1012
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                          1⤵
                                                                                          • Enumerates system info in registry
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          • Suspicious use of FindShellTrayWindow
                                                                                          • Suspicious use of SendNotifyMessage
                                                                                          PID:4372
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb1a4acc40,0x7ffb1a4acc4c,0x7ffb1a4acc58
                                                                                            2⤵
                                                                                              PID:3768
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=1936 /prefetch:2
                                                                                              2⤵
                                                                                                PID:2708
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=2196 /prefetch:3
                                                                                                2⤵
                                                                                                  PID:4564
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=2464 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:3088
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=3184 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:2448
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=3192 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:736
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,414802590609564772,10389013629371494078,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=4604 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:3316
                                                                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                        1⤵
                                                                                                          PID:3164
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                          1⤵
                                                                                                          • Enumerates system info in registry
                                                                                                          • Modifies registry class
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                          PID:1416
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1a3646f8,0x7ffb1a364708,0x7ffb1a364718
                                                                                                            2⤵
                                                                                                              PID:400
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
                                                                                                              2⤵
                                                                                                                PID:1592
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                                                                                                                2⤵
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:632
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:1192
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:2408
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:1780
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:1092
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:700
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:1660
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
                                                                                                                            2⤵
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            PID:4188
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:3996
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:1684
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:3128
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5012
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:2776
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                                                                                                                                      2⤵
PID:4856
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
    PID:2472
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
  2⤵
    PID:3276
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
    PID:3596
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
    PID:2904
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,819573438619481521,6662707284530507899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  • Suspicious behavior: EnumeratesProcesses
  PID:5064
• C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  1⤵
    PID:3252
• C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  1⤵
    PID:432
• C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x4 /state0:0xa3847055 /state1:0x41c64e6d
  1⤵
  • Modifies data under HKEY_USERS
  • Suspicious use of SetWindowsHookEx
  PID:3836

                                                                                                                                                Network

                                                                                                                                                MITRE ATT&CK Enterprise v15


                                                                                                                                                Downloads

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                  Filesize

                                                                                                                                                  40B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                                  Filesize

                                                                                                                                                  649B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                                                  Filesize

                                                                                                                                                  44KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                                                  Filesize

                                                                                                                                                  264KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

                                                                                                                                                  Filesize

                                                                                                                                                  1.0MB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

                                                                                                                                                  Filesize

                                                                                                                                                  4.0MB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

                                                                                                                                                  Filesize

                                                                                                                                                  215KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                                                                                                                                  Filesize

                                                                                                                                                  41KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d57625103830e3cb_0

                                                                                                                                                  Filesize

                                                                                                                                                  374KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

                                                                                                                                                  Filesize

                                                                                                                                                  289B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                  Filesize

                                                                                                                                                  216B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                                                                                  Filesize

                                                                                                                                                  264KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

                                                                                                                                                  Filesize

                                                                                                                                                  851B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

                                                                                                                                                  Filesize

                                                                                                                                                  854B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

                                                                                                                                                  Filesize

                                                                                                                                                  20KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                                                                                                                  Filesize

                                                                                                                                                  160KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                                                                                  Filesize

                                                                                                                                                  20KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                  Filesize

                                                                                                                                                  2KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                                                                                                                  Filesize

                                                                                                                                                  36KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                  Filesize

                                                                                                                                                  2B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  356B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  356B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  356B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ed153b1f-24cc-4ebb-9e2a-59a6d1a51aad.tmp

                                                                                                                                                  Filesize

                                                                                                                                                  2KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  10KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  9KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  9KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  9KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  15KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                  Filesize

                                                                                                                                                  336B

                                                                                                                                                  MD5

                                                                                                                                                  7f3d49d2a519e6b43ac8703f99d8cc74

                                                                                                                                                  SHA1

                                                                                                                                                  6f0058f6236751703aeec4276ba0b266a4d39253

                                                                                                                                                  SHA256

                                                                                                                                                  690c3b8afe442a0db6d45e395ff5d8373a857eb6000d4db3b53f3b36de22d1cb

                                                                                                                                                  SHA512

                                                                                                                                                  8ff08ffbe06b44cc9a8627d40ca1e11d250331746bb3a1b9622b098b41a4a5293da4534eb5ea179f1a1b8baab5a069d9fe7e5436848e04ec7218ad7ff7bc7cae

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                  Filesize

                                                                                                                                                  72B

                                                                                                                                                  MD5

                                                                                                                                                  3361cec327efcd9603c3f7290b1d080e

                                                                                                                                                  SHA1

                                                                                                                                                  c280bde1cea0eff2571ff89283f6f65739f6a7a4

                                                                                                                                                  SHA256

                                                                                                                                                  d66db0930dc07438f211d4f9b7850b066a709ca1e4a1b7d8f6ff51f65ce67ed2

                                                                                                                                                  SHA512

                                                                                                                                                  998443f0ddf0cebb9b9682dff3eac99cf54935c1290c3cbb76a33a8513480863edcba80c1f35182c02faf54eb4473a3554650c219826ea47750cb36c6e0ac6c8

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                  Filesize

                                                                                                                                                  321B

                                                                                                                                                  MD5

                                                                                                                                                  5c06e78141f4bd78671692d54ed237a4

                                                                                                                                                  SHA1

                                                                                                                                                  e7d004b16252c5dd96f3dfd35b3c1860c6b6c131

                                                                                                                                                  SHA256

                                                                                                                                                  acb21b3980acf1cf2dd5929cb0d227300ef4524db50d4db1ca7d8c3b58f9e9d6

                                                                                                                                                  SHA512

                                                                                                                                                  b43e4cbf4d1e6820feb5bc0394d6aa04aa278f2607b16ae22bdbe192a274d77bef313f3ea4a5543be08c4af3cca0b9e45c098c05e3b70ca17df45bb9395132c8

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                                                                  Filesize

                                                                                                                                                  14B

                                                                                                                                                  MD5

                                                                                                                                                  ef48733031b712ca7027624fff3ab208

                                                                                                                                                  SHA1

                                                                                                                                                  da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                                                                                                                  SHA256

                                                                                                                                                  c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                                                                                                                  SHA512

                                                                                                                                                  ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  119KB

                                                                                                                                                  MD5

                                                                                                                                                  779fa91264ca4cb7b96531ab3443a688

                                                                                                                                                  SHA1

                                                                                                                                                  da2a9fb85768a9bc2cd8ffec9dfe810c37f95042

                                                                                                                                                  SHA256

                                                                                                                                                  4bfcdb2922d5924de86c9a8ff638759d7c073bf66e7f791e681c6e50eece6a70

                                                                                                                                                  SHA512

                                                                                                                                                  3eca62c72897be8750c92ccaeb934c0582d1f763800896cfecd51ae83b6b8b9a667e0f0633f035bb13ee619e191ce1fba4893a18e9fc4eede4b56b1e17139f35

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  231KB

                                                                                                                                                  MD5

                                                                                                                                                  fda87581d758133ea289a275f5a5dee4

                                                                                                                                                  SHA1

                                                                                                                                                  0eb11a716082b421872eb1fd75e9f6d9f7dc23b4

                                                                                                                                                  SHA256

                                                                                                                                                  b4c4728dfc266a297d177cf730344dea4b340a2a5689d2d78b1b2ed984dbe8f5

                                                                                                                                                  SHA512

                                                                                                                                                  06396b854fce73116cfedc4066da1509bca775eeac095a594d9cf0ed29e0bfbbd54c7f6895e4f6e770357240e5d543abb4e272f149f37c5c3e496d81f85a6297

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  231KB

                                                                                                                                                  MD5

                                                                                                                                                  d6c77b76e9f55000113f91a1cfe02b61

                                                                                                                                                  SHA1

                                                                                                                                                  f3126bd0c907ce93a13b8bb11d3870ab4f14b942

                                                                                                                                                  SHA256

                                                                                                                                                  0c35742ed59f27a51121e7e3de2330d2eb870fbdc57cbd92023355be3d4ea7ad

                                                                                                                                                  SHA512

                                                                                                                                                  12447fdff6af134b5fa0d8a7ad4f5ea749f571efa322e5bfd81330b6866c7eb147658781846f3b9e8f1291018856a75bd57a39738ef4c94293b162649b68a722

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                                                                                  Filesize

                                                                                                                                                  86B

                                                                                                                                                  MD5

                                                                                                                                                  961e3604f228b0d10541ebf921500c86

                                                                                                                                                  SHA1

                                                                                                                                                  6e00570d9f78d9cfebe67d4da5efe546543949a7

                                                                                                                                                  SHA256

                                                                                                                                                  f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

                                                                                                                                                  SHA512

                                                                                                                                                  535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

                                                                                                                                                  Filesize

                                                                                                                                                  28KB

                                                                                                                                                  MD5

                                                                                                                                                  83105a1efd8759e1000454ed53c672bf

                                                                                                                                                  SHA1

                                                                                                                                                  b142a3fbaa88da1ba5389808c242ecf5de2871dd

                                                                                                                                                  SHA256

                                                                                                                                                  ee0fbd77ed53909f5d1933bc17f28626a7b5dfabe9187dd675f2ec11f58102ea

                                                                                                                                                  SHA512

                                                                                                                                                  f4f983c7555b36488e5a66552fba09183348088cdc961d110fef85672344418027c5da1ec108214689ca50544e7ece1a7377ced4f1e5767cc397db006cdb56ac

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

                                                                                                                                                  Filesize

                                                                                                                                                  4KB

                                                                                                                                                  MD5

                                                                                                                                                  24f891746a85600c7e74375317de77fc

                                                                                                                                                  SHA1

                                                                                                                                                  53ec6aac95e7bd6eba258b14cdacd2e68e79bb89

                                                                                                                                                  SHA256

                                                                                                                                                  1bbb0085850fd98f7ad1c1dae9d3ed6684d44f60c2bbcf2428268b0ba11812bf

                                                                                                                                                  SHA512

                                                                                                                                                  25b7076d5db17df863d076f9a8f6f03a127177d10521acab5f3c16ad157f13cb6912fb9502594f7de9f4ab861bbfab453a512fd0a7bf10448b9d8166701820d6

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                  Filesize

                                                                                                                                                  152B

                                                                                                                                                  MD5

                                                                                                                                                  37128b4e4883085adb70212099d33acf

                                                                                                                                                  SHA1

                                                                                                                                                  9c716ed5401e9dc2c6879b03f0a34d824d2ede99

                                                                                                                                                  SHA256

                                                                                                                                                  91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7

                                                                                                                                                  SHA512

                                                                                                                                                  3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                  Filesize

                                                                                                                                                  152B

                                                                                                                                                  MD5

                                                                                                                                                  c2d9eeb3fdd75834f0ac3f9767de8d6f

                                                                                                                                                  SHA1

                                                                                                                                                  4d16a7e82190f8490a00008bd53d85fb92e379b0

                                                                                                                                                  SHA256

                                                                                                                                                  1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

                                                                                                                                                  SHA512

                                                                                                                                                  d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                  Filesize

                                                                                                                                                  152B

                                                                                                                                                  MD5

                                                                                                                                                  e55832d7cd7e868a2c087c4c73678018

                                                                                                                                                  SHA1

                                                                                                                                                  ed7a2f6d6437e907218ffba9128802eaf414a0eb

                                                                                                                                                  SHA256

                                                                                                                                                  a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

                                                                                                                                                  SHA512

                                                                                                                                                  897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                                                                  Filesize

                                                                                                                                                  47KB

                                                                                                                                                  MD5

                                                                                                                                                  9f96d459817e54de2e5c9733a9bbb010

                                                                                                                                                  SHA1

                                                                                                                                                  afbadc759b65670865c10b31b34ca3c3e000cd31

                                                                                                                                                  SHA256

                                                                                                                                                  51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

                                                                                                                                                  SHA512

                                                                                                                                                  aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                                                                                  Filesize

                                                                                                                                                  62KB

                                                                                                                                                  MD5

                                                                                                                                                  c813a1b87f1651d642cdcad5fca7a7d8

                                                                                                                                                  SHA1

                                                                                                                                                  0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                                                                                                  SHA256

                                                                                                                                                  df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                                                                                                  SHA512

                                                                                                                                                  af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                                                                                  Filesize

                                                                                                                                                  19KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                                                                                  Filesize

                                                                                                                                                  67KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                                                                                  Filesize

                                                                                                                                                  63KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  6KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  6KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  5KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  6KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                  Filesize

                                                                                                                                                  7KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                  Filesize

                                                                                                                                                  1KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d8a8.TMP

                                                                                                                                                  Filesize

                                                                                                                                                  536B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                  Filesize

                                                                                                                                                  16B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                  Filesize

                                                                                                                                                  16B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                  Filesize

                                                                                                                                                  16B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

                                                                                                                                                  Filesize

                                                                                                                                                  41B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e1f1ee0b-234b-47fb-8a28-14368c23ea3a.tmp

                                                                                                                                                  Filesize

                                                                                                                                                  1B


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  10KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  10KB


                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                  Filesize

                                                                                                                                                  12KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\scoped_dir1028_706637947\3febf560-5868-46f7-b9b4-5927007e5b9f.tmp

                                                                                                                                                  Filesize

                                                                                                                                                  150KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\scoped_dir1028_706637947\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                  Filesize

                                                                                                                                                  711B

                                                                                                                                                • C:\Users\Admin\Downloads\Setup5.0.zip

                                                                                                                                                  Filesize

                                                                                                                                                  2.3MB

                                                                                                                                                • C:\Users\Admin\Downloads\krnl-executor-krnl.zip

                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • memory/1012-1324-0x0000000140000000-0x000000014013E000-memory.dmp

                                                                                                                                                  Filesize

                                                                                                                                                  1.2MB

                                                                                                                                                • memory/1912-1322-0x0000000140000000-0x000000014013E000-memory.dmp

                                                                                                                                                  Filesize

                                                                                                                                                  1.2MB

                                                                                                                                                • memory/2976-1319-0x0000000140000000-0x000000014013E000-memory.dmp

                                                                                                                                                  Filesize

                                                                                                                                                  1.2MB

                                                                                                                                                • memory/2976-1320-0x0000000140000000-0x000000014013E000-memory.dmp

                                                                                                                                                  Filesize

                                                                                                                                                  1.2MB