Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/l...

windows10-ltsc 2021-x64

10

Resubmissions

27-01-2025 20:56

250127-zq3zzavnfx 10

27-01-2025 20:53

250127-zn91hawjdq 10

27-01-2025 20:14

250127-yz7h3stpft 10

Analysis

  • max time kernel
    519s
  • max time network
    517s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    27-01-2025 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/luis22d/ZeroTrace-Crypter/blob/main/ZeroTrace-Crypter/bin/Debug/ZeroTrace-Crypter.exe

Score
10/10
stormkittycollectiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 7 IoCs
  • Stormkitty family
    stormkitty
  • Executes dropped EXE 14 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 36 IoCs
    collection
  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 15 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Probable phishing domain 1 TTPs 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 42 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 13 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 24 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Opens file in notepad (likely ransom note) 6 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 61 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/luis22d/ZeroTrace-Crypter/blob/main/ZeroTrace-Crypter/bin/Debug/ZeroTrace-Crypter.exe
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff893bc46f8,0x7ff893bc4708,0x7ff893bc4718
      2⤵
        PID:60
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:1672
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
          2⤵
            PID:2572
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
            2⤵
              PID:4624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
              2⤵
                PID:960
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
                2⤵
                  PID:3768
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  2⤵
                  • Drops file in Program Files directory
                  PID:4980
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff701425460,0x7ff701425470,0x7ff701425480
                    3⤵
                      PID:3980
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4388
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
                    2⤵
                      PID:5040
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5880 /prefetch:8
                      2⤵
                        PID:3848
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                        2⤵
                          PID:1020
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
                          2⤵
                            PID:3860
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
                            2⤵
                              PID:5044
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
                              2⤵
                                PID:4520
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
                                2⤵
                                  PID:2964
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1900
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                                  2⤵
                                    PID:3040
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                    2⤵
                                      PID:4856
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                      2⤵
                                        PID:4692
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
                                        2⤵
                                          PID:5024
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                          2⤵
                                            PID:4976
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                            2⤵
                                              PID:1896
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                                              2⤵
                                                PID:2964
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
                                                2⤵
                                                  PID:3856
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
                                                  2⤵
                                                    PID:4288
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
                                                    2⤵
                                                      PID:2764
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
                                                      2⤵
                                                        PID:3868
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                                        2⤵
                                                          PID:3340
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
                                                          2⤵
                                                            PID:2732
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
                                                            2⤵
                                                              PID:4196
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
                                                              2⤵
                                                                PID:4720
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7444 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:972
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
                                                                2⤵
                                                                  PID:4956
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
                                                                  2⤵
                                                                    PID:4356
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                                                                    2⤵
                                                                      PID:4924
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
                                                                      2⤵
                                                                        PID:4724
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4634722567295083518,7728177240100579661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                                                                        2⤵
                                                                          PID:1164
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:4868
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:1612
                                                                          • C:\Windows\System32\rundll32.exe
                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                            1⤵
                                                                              PID:4128
                                                                            • C:\Program Files\7-Zip\7zFM.exe
                                                                              "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ZeroTrace.Stealer.2.0.0.0.rar"
                                                                              1⤵
                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of FindShellTrayWindow
                                                                              PID:1220
                                                                            • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe
                                                                              "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:3068
                                                                            • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                              "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Accesses Microsoft Outlook profiles
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:4684
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                PID:188
                                                                                • C:\Windows\SysWOW64\chcp.com
                                                                                  chcp 65001
                                                                                  3⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:3256
                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                  netsh wlan show profile
                                                                                  3⤵
                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                  PID:3028
                                                                                • C:\Windows\SysWOW64\findstr.exe
                                                                                  findstr All
                                                                                  3⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:2804
                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 2092
                                                                                2⤵
                                                                                • Program crash
                                                                                PID:3584
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                2⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:2800
                                                                                • C:\Windows\SysWOW64\chcp.com
                                                                                  chcp 65001
                                                                                  3⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:1612
                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                  netsh wlan show networks mode=bssid
                                                                                  3⤵
                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:2000
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4684 -ip 4684
                                                                              1⤵
                                                                                PID:1200
                                                                              • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Accesses Microsoft Outlook profiles
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:1136
                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 1836
                                                                                  2⤵
                                                                                  • Program crash
                                                                                  PID:1152
                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                  "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                  2⤵
                                                                                  • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                  PID:2868
                                                                                  • C:\Windows\SysWOW64\chcp.com
                                                                                    chcp 65001
                                                                                    3⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:3112
                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                    netsh wlan show profile
                                                                                    3⤵
                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                    PID:3028
                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                    findstr All
                                                                                    3⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:2024
                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1136 -ip 1136
                                                                                1⤵
                                                                                  PID:4380
                                                                                • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                  "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                  1⤵
                                                                                  • Executes dropped EXE
                                                                                  • Accesses Microsoft Outlook profiles
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:2500
                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 1864
                                                                                    2⤵
                                                                                    • Program crash
                                                                                    PID:2188
                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                    2⤵
                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                    PID:3624
                                                                                    • C:\Windows\SysWOW64\chcp.com
                                                                                      chcp 65001
                                                                                      3⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:3132
                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                      netsh wlan show profile
                                                                                      3⤵
                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                      PID:1784
                                                                                    • C:\Windows\SysWOW64\findstr.exe
                                                                                      findstr All
                                                                                      3⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:3024
                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2500 -ip 2500
                                                                                  1⤵
                                                                                    PID:444
                                                                                  • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                    "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Accesses Microsoft Outlook profiles
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:1068
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 1856
                                                                                      2⤵
                                                                                      • Program crash
                                                                                      PID:3388
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                      2⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                      PID:3564
                                                                                      • C:\Windows\SysWOW64\chcp.com
                                                                                        chcp 65001
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:3896
                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                        netsh wlan show profile
                                                                                        3⤵
                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                        PID:2836
                                                                                      • C:\Windows\SysWOW64\findstr.exe
                                                                                        findstr All
                                                                                        3⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1308
                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1068 -ip 1068
                                                                                    1⤵
                                                                                      PID:2264
                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                      1⤵
                                                                                      • Opens file in notepad (likely ransom note)
                                                                                      PID:3028
                                                                                    • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                      "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • Accesses Microsoft Outlook profiles
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:4924
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                        2⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                        PID:4344
                                                                                        • C:\Windows\SysWOW64\chcp.com
                                                                                          chcp 65001
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:2800
                                                                                        • C:\Windows\SysWOW64\netsh.exe
                                                                                          netsh wlan show profile
                                                                                          3⤵
                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                          PID:1592
                                                                                        • C:\Windows\SysWOW64\findstr.exe
                                                                                          findstr All
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:4736
                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 1876
                                                                                        2⤵
                                                                                        • Program crash
                                                                                        PID:3000
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                        2⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:2912
                                                                                        • C:\Windows\SysWOW64\chcp.com
                                                                                          chcp 65001
                                                                                          3⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:1968
                                                                                        • C:\Windows\SysWOW64\netsh.exe
                                                                                          netsh wlan show networks mode=bssid
                                                                                          3⤵
                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                          PID:2972
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4924 -ip 4924
                                                                                      1⤵
                                                                                        PID:4060
                                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                        1⤵
                                                                                        • Opens file in notepad (likely ransom note)
                                                                                        PID:3060
                                                                                      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                                        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                                                                        1⤵
                                                                                        • Drops desktop.ini file(s)
                                                                                        • Enumerates connected drives
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Modifies registry class
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                        PID:2464
                                                                                        • C:\Windows\SysWOW64\unregmp2.exe
                                                                                          "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                                          2⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:772
                                                                                          • C:\Windows\system32\unregmp2.exe
                                                                                            "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                            3⤵
                                                                                            • Enumerates connected drives
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2640
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=120764&mpver=12.0.19041.4355&id=C00D1199&contextid=83&originalid=80040265
                                                                                          2⤵
                                                                                            PID:2112
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff893bc46f8,0x7ff893bc4708,0x7ff893bc4718
                                                                                              3⤵
                                                                                                PID:1896
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 3260
                                                                                              2⤵
                                                                                              • Program crash
                                                                                              PID:2488
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
                                                                                            1⤵
                                                                                            • Drops file in Windows directory
                                                                                            PID:3656
                                                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                            1⤵
                                                                                            • Opens file in notepad (likely ransom note)
                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                            PID:3612
                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2464 -ip 2464
                                                                                            1⤵
                                                                                              PID:2428
                                                                                            • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                              "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Accesses Microsoft Outlook profiles
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:4576
                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 1824
                                                                                                2⤵
                                                                                                • Program crash
                                                                                                PID:1384
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                2⤵
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                PID:956
                                                                                                • C:\Windows\SysWOW64\chcp.com
                                                                                                  chcp 65001
                                                                                                  3⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:3996
                                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                                  netsh wlan show profile
                                                                                                  3⤵
                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                  PID:4904
                                                                                                • C:\Windows\SysWOW64\findstr.exe
                                                                                                  findstr All
                                                                                                  3⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:3080
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4576 -ip 4576
                                                                                              1⤵
                                                                                                PID:3764
                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                                1⤵
                                                                                                • Opens file in notepad (likely ransom note)
                                                                                                PID:1940
                                                                                              • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe
                                                                                                "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe"
                                                                                                1⤵
                                                                                                • Executes dropped EXE
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:3048
                                                                                              • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                1⤵
                                                                                                • Executes dropped EXE
                                                                                                • Accesses Microsoft Outlook profiles
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:5040
                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1832
                                                                                                  2⤵
                                                                                                  • Program crash
                                                                                                  PID:4480
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                  2⤵
                                                                                                  • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                  PID:2536
                                                                                                  • C:\Windows\SysWOW64\chcp.com
                                                                                                    chcp 65001
                                                                                                    3⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:1468
                                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                                    netsh wlan show profile
                                                                                                    3⤵
                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                    PID:2496
                                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                                    findstr All
                                                                                                    3⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:4872
                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5040 -ip 5040
                                                                                                1⤵
                                                                                                  PID:4564
                                                                                                • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                  "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Accesses Microsoft Outlook profiles
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:924
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                    2⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                    PID:2052
                                                                                                    • C:\Windows\SysWOW64\chcp.com
                                                                                                      chcp 65001
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:240
                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                      netsh wlan show profile
                                                                                                      3⤵
                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                      PID:3220
                                                                                                    • C:\Windows\SysWOW64\findstr.exe
                                                                                                      findstr All
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:4436
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 1896
                                                                                                    2⤵
                                                                                                    • Program crash
                                                                                                    PID:756
                                                                                                • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                  "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Accesses Microsoft Outlook profiles
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:3240
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 1856
                                                                                                    2⤵
                                                                                                    • Program crash
                                                                                                    PID:568
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                    2⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                    PID:1124
                                                                                                    • C:\Windows\SysWOW64\chcp.com
                                                                                                      chcp 65001
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:3708
                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                      netsh wlan show profile
                                                                                                      3⤵
                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                      PID:3892
                                                                                                    • C:\Windows\SysWOW64\findstr.exe
                                                                                                      findstr All
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:4200
                                                                                                • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                  "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Accesses Microsoft Outlook profiles
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:3768
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1856
                                                                                                    2⤵
                                                                                                    • Program crash
                                                                                                    PID:1328
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                    2⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                    PID:2600
                                                                                                    • C:\Windows\SysWOW64\chcp.com
                                                                                                      chcp 65001
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:4776
                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                      netsh wlan show profile
                                                                                                      3⤵
                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                      PID:2336
                                                                                                    • C:\Windows\SysWOW64\findstr.exe
                                                                                                      findstr All
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:4044
                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 924 -ip 924
                                                                                                  1⤵
                                                                                                    PID:1504
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3240 -ip 3240
                                                                                                    1⤵
                                                                                                      PID:1280
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3768 -ip 3768
                                                                                                      1⤵
                                                                                                        PID:4684
                                                                                                      • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                        "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Accesses Microsoft Outlook profiles
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:2736
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 1836
                                                                                                          2⤵
                                                                                                          • Program crash
                                                                                                          PID:3472
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                          2⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                          PID:1056
                                                                                                          • C:\Windows\SysWOW64\chcp.com
                                                                                                            chcp 65001
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:2864
                                                                                                          • C:\Windows\SysWOW64\netsh.exe
                                                                                                            netsh wlan show profile
                                                                                                            3⤵
                                                                                                            • Event Triggered Execution: Netsh Helper DLL
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                            PID:4088
                                                                                                          • C:\Windows\SysWOW64\findstr.exe
                                                                                                            findstr All
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:3080
                                                                                                      • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                        "C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe"
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Accesses Microsoft Outlook profiles
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        • outlook_office_path
                                                                                                        • outlook_win_path
                                                                                                        PID:2880
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 1828
                                                                                                          2⤵
                                                                                                          • Program crash
                                                                                                          PID:756
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                          2⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                          PID:3832
                                                                                                          • C:\Windows\SysWOW64\chcp.com
                                                                                                            chcp 65001
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:1084
                                                                                                          • C:\Windows\SysWOW64\netsh.exe
                                                                                                            netsh wlan show profile
                                                                                                            3⤵
                                                                                                            • Event Triggered Execution: Netsh Helper DLL
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                            PID:2016
                                                                                                          • C:\Windows\SysWOW64\findstr.exe
                                                                                                            findstr All
                                                                                                            3⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:4644
                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2736 -ip 2736
                                                                                                        1⤵
                                                                                                          PID:4924
                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2880 -ip 2880
                                                                                                          1⤵
                                                                                                            PID:548
                                                                                                          • C:\Windows\system32\NOTEPAD.EXE
                                                                                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                                            1⤵
                                                                                                            • Opens file in notepad (likely ransom note)
                                                                                                            PID:772
                                                                                                          • C:\Windows\system32\taskmgr.exe
                                                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                                                            1⤵
                                                                                                            • Checks SCSI registry key(s)
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                            PID:3792
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                            1⤵
                                                                                                            • Drops file in Windows directory
                                                                                                            • Enumerates system info in registry
                                                                                                            • Modifies data under HKEY_USERS
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                            PID:4020
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff88513cc40,0x7ff88513cc4c,0x7ff88513cc58
                                                                                                              2⤵
                                                                                                                PID:3900
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2104,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2100 /prefetch:2
                                                                                                                2⤵
                                                                                                                  PID:2648
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2516 /prefetch:3
                                                                                                                  2⤵
                                                                                                                    PID:3824
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2120,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2540 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:4288
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3212 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:2772
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3260 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:4668
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4636 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:2180
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4860,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4828 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4556
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3188,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4972 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:3992
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4112,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4556 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:456
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3500,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4916 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:2912
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3344,i,7595610347461410093,9148070802877918760,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5176 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:228
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                    1⤵
                                                                                                                                      PID:4352
                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                      1⤵
                                                                                                                                        PID:1176
                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                        1⤵
                                                                                                                                          PID:860
                                                                                                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\181.215.176.83\Browsers\Edge\EdgeCookies.txt
                                                                                                                                          1⤵
                                                                                                                                          • Opens file in notepad (likely ransom note)
                                                                                                                                          PID:1492

                                                                                                                                        Network

                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                        Reconnaissance

                                                                                                                                        Resource Development

                                                                                                                                        Initial Access

                                                                                                                                        Phishing

                                                                                                                                        1
                                                                                                                                        T1566

                                                                                                                                        Execution

                                                                                                                                        Persistence

                                                                                                                                        Event Triggered Execution

                                                                                                                                        1
                                                                                                                                        T1546

                                                                                                                                        Netsh Helper DLL

                                                                                                                                        1
                                                                                                                                        T1546.007

                                                                                                                                        Privilege Escalation

                                                                                                                                        Event Triggered Execution

                                                                                                                                        1
                                                                                                                                        T1546

                                                                                                                                        Netsh Helper DLL

                                                                                                                                        1
                                                                                                                                        T1546.007

                                                                                                                                        Defense Evasion

                                                                                                                                        Credential Access

                                                                                                                                        Credentials from Password Stores

                                                                                                                                        1
                                                                                                                                        T1555

                                                                                                                                        Credentials from Web Browsers

                                                                                                                                        1
                                                                                                                                        T1555.003

                                                                                                                                        Unsecured Credentials

                                                                                                                                        1
                                                                                                                                        T1552

                                                                                                                                        Credentials In Files

                                                                                                                                        1
                                                                                                                                        T1552.001

                                                                                                                                        Discovery

                                                                                                                                        Browser Information Discovery

                                                                                                                                        1
                                                                                                                                        T1217

                                                                                                                                        Peripheral Device Discovery

                                                                                                                                        2
                                                                                                                                        T1120

                                                                                                                                        Query Registry

                                                                                                                                        4
                                                                                                                                        T1012

                                                                                                                                        System Information Discovery

                                                                                                                                        3
                                                                                                                                        T1082

                                                                                                                                        System Location Discovery

                                                                                                                                        1
                                                                                                                                        T1614

                                                                                                                                        System Language Discovery

                                                                                                                                        1
                                                                                                                                        T1614.001

                                                                                                                                        System Network Configuration Discovery

                                                                                                                                        1
                                                                                                                                        T1016

                                                                                                                                        Wi-Fi Discovery

                                                                                                                                        1
                                                                                                                                        T1016.002

                                                                                                                                        Lateral Movement

                                                                                                                                        Collection

                                                                                                                                        Data from Local System

                                                                                                                                        1
                                                                                                                                        T1005

                                                                                                                                        Email Collection

                                                                                                                                        1
                                                                                                                                        T1114

                                                                                                                                        Command and Control

                                                                                                                                        Web Service

                                                                                                                                        1
                                                                                                                                        T1102

                                                                                                                                        Exfiltration

                                                                                                                                        Impact

                                                                                                                                        Replay Monitor

                                                                                                                                        Loading Replay Monitor...

                                                                                                                                        Downloads

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                                          Filesize

                                                                                                                                          649B

                                                                                                                                          MD5

                                                                                                                                          199db5240396f5020b698b7792bfd0ca

                                                                                                                                          SHA1

                                                                                                                                          50618dcee865699182afb50b0de69da25b930738

                                                                                                                                          SHA256

                                                                                                                                          f4b5a29dba76330fa678b30550a6cbb4f6f44577d082e06d8aba15c9e88334c9

                                                                                                                                          SHA512

                                                                                                                                          51e04429ad12dd4b591658ce8aedd61af0e30d5148dd6f2dde15ce94f9939175edfaa45f81ac5bca1e0f59d95cbc57e32aa279cd20d91327be48f6bf526402ab

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
                                                                                                                                          Filesize

                                                                                                                                          215KB

                                                                                                                                          MD5

                                                                                                                                          7b49e7ed72d5c3ab75ea4aa12182314a

                                                                                                                                          SHA1

                                                                                                                                          1338fc8f099438e5465615ace45c245450f98c84

                                                                                                                                          SHA256

                                                                                                                                          747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

                                                                                                                                          SHA512

                                                                                                                                          6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          168B

                                                                                                                                          MD5

                                                                                                                                          e488c9367ff6f995e670fe1618bdac86

                                                                                                                                          SHA1

                                                                                                                                          6a82ec44d2c91d72113ecff37c59cb9e0859209f

                                                                                                                                          SHA256

                                                                                                                                          1144d84d50a905e33b8bb8b5b6a7bb3614844261c7729092dfa90ee963de402c

                                                                                                                                          SHA512

                                                                                                                                          33a7baf4d9087bb40a195b91677d5f84cfa932bd8c8fc47834b97da1283c931b515bd97b2014bb2866dd59bf01956c719af8bcf0621d87417ae0255d9f0f1cb2

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          fac8d91af37abe80fcf7a34ffd6b415b

                                                                                                                                          SHA1

                                                                                                                                          62198c6d2a9e8059004b8ec04798122bd7fde9b7

                                                                                                                                          SHA256

                                                                                                                                          35d61a55c5ea900d02eaab6d3e9b80e72cc1131c65c254736b2da90a9cd5e4cf

                                                                                                                                          SHA512

                                                                                                                                          c55b71bbda170f1639c09e82bee9010f09061213cdac25ea8263acfb7364b2fc8cae95a5a6763edd82a69eae1aa488ca4813f8e55adfa93713621bda860f07d1

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                          Filesize

                                                                                                                                          2B

                                                                                                                                          MD5

                                                                                                                                          d751713988987e9331980363e24189ce

                                                                                                                                          SHA1

                                                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                          SHA256

                                                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                          SHA512

                                                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          356B

                                                                                                                                          MD5

                                                                                                                                          af64f3d40700d95b1bb82cf2a2b53380

                                                                                                                                          SHA1

                                                                                                                                          71293147b0f4c1cbb421f9acd17412b77bb0bab6

                                                                                                                                          SHA256

                                                                                                                                          f4caaa775b0a44ae34edf4a74eefcde3bc8ac2e80d48f07c27a953e1b5336729

                                                                                                                                          SHA512

                                                                                                                                          ea404357e6d578d2306651f47b8a8d3522ba2aa48a74c0e6de5f6a740da53fb3809f5904956b160d650fa24b3be5a16037efbdd19b63586469936f3d1c6eb29f

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          9KB

                                                                                                                                          MD5

                                                                                                                                          ba7605800cbe761f9e2373171082a0e4

                                                                                                                                          SHA1

                                                                                                                                          ee33392ce1906db039719551b2a6cbc09bbdbf4b

                                                                                                                                          SHA256

                                                                                                                                          55179731b9513f7de9690524cfa1768029f6f859fd3e2ff4e1653614e1eb3770

                                                                                                                                          SHA512

                                                                                                                                          3332764bb74b23b9411e8c8f3734aa3cc02288f38d21b1bbfb0c79da38a9b69efd80f2f1a25499e699f6d3fe7d7f0797bbc738e095f17a8b8368a5cc91d67e94

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                          Filesize

                                                                                                                                          15KB

                                                                                                                                          MD5

                                                                                                                                          407a5f1f1fb8a2a7512b9a87b7bcd097

                                                                                                                                          SHA1

                                                                                                                                          4052711e71813034a64896a619299c4287c99f96

                                                                                                                                          SHA256

                                                                                                                                          0a1bf451b0fdf20041adfd788b5b669c9de51e7bf617ed180f5eea6d77ce4469

                                                                                                                                          SHA512

                                                                                                                                          56e8493755c658ccd805152ed7c7e9e24fc18998cbb98b6371dca9d81d8b0da439e2d01a83b31e924636186682493ab9add0b0b9e9e5248a9f172a54ea60ecbb

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          235KB

                                                                                                                                          MD5

                                                                                                                                          fff2221bd3b2049b2455a06c6368c509

                                                                                                                                          SHA1

                                                                                                                                          7c30a1a7d32acd5899dc1152fbb52d79a8c6b018

                                                                                                                                          SHA256

                                                                                                                                          482a7cf506f1448d265faab44feedf5c7e398f7bad2b5ec0314c8a369eb0b3ce

                                                                                                                                          SHA512

                                                                                                                                          5f7d8a8606eb8231ca742f18148a7dbe509d933559e161e5e771648b08c0755571b484bb90896f30f9ddaeb6ab29ed845ba7bd6274337cb69672c2aa15ccedac

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          235KB

                                                                                                                                          MD5

                                                                                                                                          9586c25b376ed15a0cf2643cd9facf02

                                                                                                                                          SHA1

                                                                                                                                          80035224b58b689514f361905362134c5937aff0

                                                                                                                                          SHA256

                                                                                                                                          5fc4e96c4972d4ff37648b6f0126a0a5f19f5055be15ddaef39273961f913ac3

                                                                                                                                          SHA512

                                                                                                                                          63f9518ecd2ac831f94ffb058ef5bce1bf6fedd32829b2b092ea32f90dac5707f1f017ac72ecce195507a64da47ad04ff2d2d66ea5fce833f796d8d0039785b9

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZeroTrace Stealer.exe.log
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          d7666982f81b093b8b6d05a903f5676b

                                                                                                                                          SHA1

                                                                                                                                          d2bb7f97aff2dd2fdff497b26b62c30d9a4a488b

                                                                                                                                          SHA256

                                                                                                                                          6fd34e693f8f408f8130e2b48fe3846f2f355983b75654e9b1f28559b59fbedc

                                                                                                                                          SHA512

                                                                                                                                          05f66057de717678f4be1cfb2db903a248923c76db1a9cae96c83e05ac87ae36422d455fdf1d8f30f4d5833511348c02b168a82eb0007b8336cb646f29d1c88c

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8960566e-b27f-43b2-abc3-d077548d66db.tmp
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                          MD5

                                                                                                                                          21895f6025bbd7aff9d4e6e824cc0ba4

                                                                                                                                          SHA1

                                                                                                                                          4f77bec412c72585ec50fed5ff0c9119b69329c3

                                                                                                                                          SHA256

                                                                                                                                          c272c11a6619ec56f5e678c71aaffd9acccd6212f48ecafbed382747a95b3a71

                                                                                                                                          SHA512

                                                                                                                                          3456c12b564fc34a1b9376cd78b8e15e17e51b8007b1085dc3663c792b62d6ad81d393b3853799f09a0f1463595227b7a6ffa5f7bda577f7fd51542a87584a1e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                          Filesize

                                                                                                                                          152B

                                                                                                                                          MD5

                                                                                                                                          d4bc32eb841f2b788106b7b5a44c13f4

                                                                                                                                          SHA1

                                                                                                                                          27868013e809484e5ac5cb21ee306b919ee0916e

                                                                                                                                          SHA256

                                                                                                                                          051cdf1896c2091e9ff822c2118fda400e2de25ee323e856bf9eb0c64c7a7257

                                                                                                                                          SHA512

                                                                                                                                          7a4963ea09832503179642ee750b1c8024373c66b4fce2bd316b782d1fc670c1c77cdb31f9316b34c78b6f3f1c99d90fb50e0500b72f4a647adf7653c44d242b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                          Filesize

                                                                                                                                          152B

                                                                                                                                          MD5

                                                                                                                                          c8eb7d84aaea5c0c37cdce43d1ad96dd

                                                                                                                                          SHA1

                                                                                                                                          0a27d004b734e4c486372c6888111b813e806811

                                                                                                                                          SHA256

                                                                                                                                          27ec491fe2b7f0eb567a44deb50c74408376ff3addf6c88a2b1060adc4a5976e

                                                                                                                                          SHA512

                                                                                                                                          f39070a20583f7ff33b7b3c0e97c08da2a3ff36049e256bbe0d0031bf15579c6d9c3da8d1f9daac1073519b648a1d005a8fa195ee2232b2962516e9aa14dac3f

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                          Filesize

                                                                                                                                          152B

                                                                                                                                          MD5

                                                                                                                                          3d2444bd36844308c00907bcdda3066e

                                                                                                                                          SHA1

                                                                                                                                          d602d08f1b06a3f3888cc16234d09d97686efc81

                                                                                                                                          SHA256

                                                                                                                                          ec10841bc777167cc1055ddf2b51aab172a4bf6c8b786bf1b1ccecf721194a3e

                                                                                                                                          SHA512

                                                                                                                                          7ea25ff95cb9da32de0f76bbbeb1f154e077cecbc2eeb2dfdf6f2464acc61877ba0bef6e279e66dc985f92da0c94d7f8c887cc244e79927e5a2108d5248187b4

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                                          Filesize

                                                                                                                                          20KB

                                                                                                                                          MD5

                                                                                                                                          edff034579e7216cec4f17c4a25dc896

                                                                                                                                          SHA1

                                                                                                                                          ceb81b5abec4f8c57082a3ae7662a73edf40259f

                                                                                                                                          SHA256

                                                                                                                                          5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

                                                                                                                                          SHA512

                                                                                                                                          ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          48B

                                                                                                                                          MD5

                                                                                                                                          2802e22606a100018fe6ac405f8f3678

                                                                                                                                          SHA1

                                                                                                                                          838bda79c345d24405ee43affd72e34ef43c05a1

                                                                                                                                          SHA256

                                                                                                                                          1fe6e40a3d40688be1016a10f677e676c49a31cfd5115bf0a054658b61bc06bf

                                                                                                                                          SHA512

                                                                                                                                          af1eaae68262e9f2012f7a152f0c573d4fc51a3dc21d180fb5f3d24aee57ddd094f8f77b518157de1aa0a5e30c027e6fb1e6e9c734021eed2f023a2abd24fd5e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          9b521cbe62b6c236e8bb769cfbdf5d7a

                                                                                                                                          SHA1

                                                                                                                                          17c82c9a2820eee7d59256bf9abdc9e582655c66

                                                                                                                                          SHA256

                                                                                                                                          100192ed1b9700ea1548d350a4ae5cb53146dd84cd27d2c13c7fc954609be807

                                                                                                                                          SHA512

                                                                                                                                          dfed1aa435231d7b0fe5d38bb65f25186f2156646c3e6866b766695abe8da875e38129a46e6d27965f6aa7a1ec99582429307459fab13477336edd1433eca9d7

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          5d61807c70fae123c435e03c416e0351

                                                                                                                                          SHA1

                                                                                                                                          9fb17a70e3581a8ec4fd7b3b1e4a7ef81c4ae117

                                                                                                                                          SHA256

                                                                                                                                          55fcb21e35652088b7619705aa7439c660385b8c8b60d35d24200571e1b89f92

                                                                                                                                          SHA512

                                                                                                                                          746fa9c89e7360e3a7c4683a9c30a6df80b6ff64adc3feb9d771a7826c190e484a166c5c207d0ae351b6d65b88915daf130f2c787113449266d78fa146b9fdc2

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          49da3fc7711a04f450554b910f7a30a3

                                                                                                                                          SHA1

                                                                                                                                          0ee2c5fc2fbc82a5484385d49dcfd615acbcfe89

                                                                                                                                          SHA256

                                                                                                                                          e5d3cd0dd25e063e092b96d72eadaa2e3df59a533214d1ada3237e9459360fe7

                                                                                                                                          SHA512

                                                                                                                                          2b77f066de50b40b77779c8f0716451d4597845b1455a228b416bfe2b3d427000edb61f1dbde41628fe49b70ade286fc92f4fb9dc915ba4983773a785b39b9e0

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          0058aaa6782e994635e4fe8c6c5e3870

                                                                                                                                          SHA1

                                                                                                                                          5b79eb880a79cba4b853086ac6c6bacc50c50ab3

                                                                                                                                          SHA256

                                                                                                                                          a1c36e26c716896e002057912c430be44d035de01526798ec2801c5146abc9a6

                                                                                                                                          SHA512

                                                                                                                                          a4e5f461894289b70df7dea07cfa23eace69f22e6b8cafc92a191faaa42b190de67c30e8d8cd51db9cc9b08db27575945fff2a7da03892cda865beed55ba3f68

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
                                                                                                                                          Filesize

                                                                                                                                          32KB

                                                                                                                                          MD5

                                                                                                                                          cc686e2cff825c2e18a5ffbca343936a

                                                                                                                                          SHA1

                                                                                                                                          7cd234bacb64950b882eb77baae51430e8b8ff3d

                                                                                                                                          SHA256

                                                                                                                                          244cad1d8e1c44a12eec269a2d5b03e5a5509a0079b661ab65aae8f1559df1f8

                                                                                                                                          SHA512

                                                                                                                                          9aef03c06ad3361800b8ba1471de36f1b1c564aeb5f8d444843066c995805cc220bef21fee22fa177aa92d082011319f88c24ce12b8d49c42dcc022af9b17319

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                                          Filesize

                                                                                                                                          70KB

                                                                                                                                          MD5

                                                                                                                                          e5e3377341056643b0494b6842c0b544

                                                                                                                                          SHA1

                                                                                                                                          d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                                                                                          SHA256

                                                                                                                                          e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                                                                                          SHA512

                                                                                                                                          83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                                                                                          Filesize

                                                                                                                                          264KB

                                                                                                                                          MD5

                                                                                                                                          d5f0b8288d7332878a21346f1122bbfd

                                                                                                                                          SHA1

                                                                                                                                          3c68f411ca3e5690086439879bfe57acf3c2922c

                                                                                                                                          SHA256

                                                                                                                                          4a2151cd32fbd75d97c5a98c9e99ba7559c52d8d2cf82ebe4a0660ed85fa4c5f

                                                                                                                                          SHA512

                                                                                                                                          4b844c477b81d2c64350e68cf7c0cf90d0c1a6232d5ef3f4af5e11360b31473764a774b92fcfbb3c38d19ce71873fc454e1318788e3cb54013a09747bdf5dd7d

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                                                                                          Filesize

                                                                                                                                          124KB

                                                                                                                                          MD5

                                                                                                                                          0162b60a6f1aad83b32a7bc5efa3f0fb

                                                                                                                                          SHA1

                                                                                                                                          82e1d1b7209d51080b70e9ea8d18d17b7339e890

                                                                                                                                          SHA256

                                                                                                                                          8340f576df9a13c09c09a824a5592d040c8704d238c3654baf27e6d8dc15f9fa

                                                                                                                                          SHA512

                                                                                                                                          84011ac6083a5b7f502379dcd25040201314dd538e486c1fb3a779b1fe0d9a156ea353f258a2292aaf88c55d8a186b64a7bdcea00610ccc9fde263287d71b4d9

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                          Filesize

                                                                                                                                          496B

                                                                                                                                          MD5

                                                                                                                                          e6b1131bd12b144ccca82eaf1fa1eb67

                                                                                                                                          SHA1

                                                                                                                                          9d62e88036ce97c8a84482880527623e8c99ae0a

                                                                                                                                          SHA256

                                                                                                                                          951e6b430cc3789ad14c7d5d31496f4ae41e2d7fd64ebcaa905e25e896ddd879

                                                                                                                                          SHA512

                                                                                                                                          7686e7974da3b8a4079c5644d192451b50141e1218b3e8eea9be0b933a40a53bd88215c40a9d85b28f4172dcba56062bda3907b4ba59b76d765b0c31de54090d

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                          MD5

                                                                                                                                          67907422be09e3ffe73e004fc9a8b8c3

                                                                                                                                          SHA1

                                                                                                                                          148e51f5f04d8b4101502c40bdf8234890206625

                                                                                                                                          SHA256

                                                                                                                                          4dc245faff14be6dbab7132a60cfadc7a08eac8c576ae25b8aa9705c23681418

                                                                                                                                          SHA512

                                                                                                                                          37cebe798ff1db210251bba7bd0298e8f2e0103eb48023e3125b2e3991cc5051b52cfb4cd2a331b5ea977838f8e8579316fcf0fe7dd9538e778111c012b915e0

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                          Filesize

                                                                                                                                          9KB

                                                                                                                                          MD5

                                                                                                                                          a3ffb805276fd63c518166e9d39d1b9b

                                                                                                                                          SHA1

                                                                                                                                          7fcbad3f46cf9319f2af8414a1e3ac38aa079216

                                                                                                                                          SHA256

                                                                                                                                          78b45518c49b2edc2b7e123c8aec569f94359e9c694c56025745eec2b42eeb29

                                                                                                                                          SHA512

                                                                                                                                          7dbeec8ccea3cad6e0d1f0679fbe287f8b1f1a57923b04f6499f0f4a18b8cf96098d8d7d1fe8e0b1181f968795ca3c23e37f2cec0cf1dcbe702cafd73c01cd16

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5888a3.TMP
                                                                                                                                          Filesize

                                                                                                                                          59B

                                                                                                                                          MD5

                                                                                                                                          2800881c775077e1c4b6e06bf4676de4

                                                                                                                                          SHA1

                                                                                                                                          2873631068c8b3b9495638c865915be822442c8b

                                                                                                                                          SHA256

                                                                                                                                          226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                                                          SHA512

                                                                                                                                          e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          995dfa5c2984b4cec234700d1d280434

                                                                                                                                          SHA1

                                                                                                                                          6e86b5e9fb8935285a9b750b10e8b850b5d48d5f

                                                                                                                                          SHA256

                                                                                                                                          a532f9461ef80053d0e5080cbc09c2e400a74cffe89a800a83be84778e29f44f

                                                                                                                                          SHA512

                                                                                                                                          d5b9da43a873d519d411a0a44fea6ef0517f393d17da2b6d85450bac7c5178055cdb24240de7fa086432451f408ca932d74bba490936d4434fa6e5731a1c1a5e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          8KB

                                                                                                                                          MD5

                                                                                                                                          6b2c60bab14f3a9d9c1df8fd60cb6b4d

                                                                                                                                          SHA1

                                                                                                                                          b27dc0e588b13c8628088e9c9f3e81a3ef37bbb3

                                                                                                                                          SHA256

                                                                                                                                          9805ebec9f5e3bcb2c2df825d94b7c672da31a1e03b60b633c0332f19772b9d8

                                                                                                                                          SHA512

                                                                                                                                          46b70673df2d74cb51a50af57b0753059ef34342d584f70fe3be50a7b95724c42bafa99ce181c151128fff09e6e8906a02f7716162e991cc8a56e3abc606ae81

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          d338f347891b3bdc2b2ebd6f5a5485f7

                                                                                                                                          SHA1

                                                                                                                                          790e139c337f00c9429ad9b66a31de21e34762cf

                                                                                                                                          SHA256

                                                                                                                                          7d0e1913cd614e2cfbf78cfe091dc074ee038b5be6cbb2935847420f42b994dd

                                                                                                                                          SHA512

                                                                                                                                          5a279698215e6d393dff6cfba3091da443fdde680f12b4ebb18848726c37b7aeba206c513ec7841792a314af1317a0b8f7cbe244e0a81762537d346902145053

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          6acc015cb96257c381225e2a64d3770a

                                                                                                                                          SHA1

                                                                                                                                          b6d9c812f04a90e8d20b16504b763b5fbeb71502

                                                                                                                                          SHA256

                                                                                                                                          95069275a145740e6a2de8d3b67eecb473820814d4451bb2ff13e1126a96df9e

                                                                                                                                          SHA512

                                                                                                                                          6c42208793fcbf11582337bb797095a1ed03183f6fe70f1026085fe97c62768d07d52ae3e2ae7af4b6c5498c8295eb0e48342c082a615580767e31d86f274f36

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          64c4181c93afdffe8ee7a237fdff9a41

                                                                                                                                          SHA1

                                                                                                                                          56c056366a682b6eef9e91bd28c0301a4a883899

                                                                                                                                          SHA256

                                                                                                                                          94268e02e3f3dd774f95092ba81000e3e0d9e2f56db85519bd177b6a0aaefa4a

                                                                                                                                          SHA512

                                                                                                                                          1d9f7c90ee18599c24f73a9032aec299daf0be03ec7ca48a775e4c1aa4198445ac8e2cc45fb1e9dc0389a008f6f2461db290a1713e7b75996e5fb96408694628

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          10KB

                                                                                                                                          MD5

                                                                                                                                          1033042fd047db35c2ae2fb6fa4ba745

                                                                                                                                          SHA1

                                                                                                                                          3514ad0245687a4be906c91a0dc62e5b97d72d31

                                                                                                                                          SHA256

                                                                                                                                          b480fe43eb8938d9f2d12b025989a1823c46dd7abd51042b88e57e4ce5f5b251

                                                                                                                                          SHA512

                                                                                                                                          9061de9ece03ba5c767ca8d78ddfecc5cc0e13880949c7d5d7994b383fd49602bb26b4f5e57557963259cd19dfb7521e8ac2794f79b7f35e2973d80599c8ff5e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          12KB

                                                                                                                                          MD5

                                                                                                                                          98f2a407b354ec1bd513592cc27a8dc3

                                                                                                                                          SHA1

                                                                                                                                          0da2064f195431fadeee9e96018a9a40aed25228

                                                                                                                                          SHA256

                                                                                                                                          801c210cc36a3adedbb0bcbde8a6d6e2fbbc77b5d54aacf86f60d7cab6989472

                                                                                                                                          SHA512

                                                                                                                                          b5f9c32290ce87efca59e09a4217c31be4754935cdcb499eb6be19a9ebb39c6a86cd35c4507fbf31236f0601d0ddc4657c727ed80757264ad7bd90c29d13bf9f

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                          MD5

                                                                                                                                          be4d088df2800fd1ac0caded1f3eabba

                                                                                                                                          SHA1

                                                                                                                                          2dd0f1dc69a5431331c24f098494c600ab8649d1

                                                                                                                                          SHA256

                                                                                                                                          ac82b9afd23974ee0ae5d923c1db1c80e05d8cbe19b3ce745ddcc80d1fee153c

                                                                                                                                          SHA512

                                                                                                                                          756c1307327f6131ef71f85151f9d6a98ffb33949fb43e00df57c4ee610d71d7195892794a2ae8c5d11411d7c92f3b3b7f24cb991b520d9348346cc8c067977f

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                          MD5

                                                                                                                                          95fe46263ec0e02d8273d7641bffc09e

                                                                                                                                          SHA1

                                                                                                                                          33c1a167ea8666e69309e95219403a734cf3f877

                                                                                                                                          SHA256

                                                                                                                                          41152da25e327540733fb02d3111c85aca5f657373cc8adde42dd316c89bc0b3

                                                                                                                                          SHA512

                                                                                                                                          7def2bd712de2601c1e700182c6b06f9e8d0bb44ef5ba762f29fafe342b3affb765ea564d5426298e3dde7cc6a297935a89a5ba3dd35e102707e967701941dff

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                          MD5

                                                                                                                                          92b6b993e60c554dcdb8e134a5bc40ba

                                                                                                                                          SHA1

                                                                                                                                          1762b6c3a86e6b737c0478ea940bb373a0a8acf4

                                                                                                                                          SHA256

                                                                                                                                          f756cb0fbfcfdc4a2f0c1ef205f94769c2fece57e3c9828f4ac5c3dad8d8b8c3

                                                                                                                                          SHA512

                                                                                                                                          fb91284ef79ad5af700e684fd28b8f66009af45cd98ba5a94787250370871e2cd1558cc9ac9a72bba6da2d10df4db555042728f7b5061ea0aa3f5ef80559d943

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                          Filesize

                                                                                                                                          24KB

                                                                                                                                          MD5

                                                                                                                                          6338e51cf2d1cb4bfea21c7d81cb3dc3

                                                                                                                                          SHA1

                                                                                                                                          0049d2863f309423d889fed141ef1f146246ac82

                                                                                                                                          SHA256

                                                                                                                                          2636a794e74289532973b8f1f9c62a0009520dad49951c956dceba846835e0ac

                                                                                                                                          SHA512

                                                                                                                                          ffcbb8f086de4ca9b51f2a86ff75f283afd9a08ba7fdfc16b119f4b80e452579fed0c7d5eb02cda11e6d7c6762ca8d5a1e542e90e106020f530d755933fb3ea2

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                          Filesize

                                                                                                                                          24KB

                                                                                                                                          MD5

                                                                                                                                          b321aef296129848c0c2c5c77ee69951

                                                                                                                                          SHA1

                                                                                                                                          402afa01ec8a6990a78514994f9648aedead5817

                                                                                                                                          SHA256

                                                                                                                                          e44d575c1dfcf221b68c84c2cf1d4f1bea45a7e32cd8010228acff6120daff1f

                                                                                                                                          SHA512

                                                                                                                                          cbb689d400fceb2f59d67e9e9d28007d2bb7562cf18f806420a9adbb08e0be5825153a44d4199ed03fc8e87311c2f5d4ab9aec5f3667984572070487475e8642

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          a74a51a7fa01c7da967a858ef57b9acd

                                                                                                                                          SHA1

                                                                                                                                          1895b72d3bbc76eca55436edeb780f5b4d523a19

                                                                                                                                          SHA256

                                                                                                                                          dc2d4b9d26c642cd634a75bb8aebcf88dc9c7626c66483507642079689aa732e

                                                                                                                                          SHA512

                                                                                                                                          f5d0393ba22585bf40abbf986afccc73fa187a74c9d330ccd160d9bdb89fbb3782b8e121e0bba4f8eced2696e9192e8d09320c6bcc6a8a35322720db7431af92

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          4bd5e38e9c5c203b583fde9243955e16

                                                                                                                                          SHA1

                                                                                                                                          d0830c4b2301a3be433f050769ab202caad98911

                                                                                                                                          SHA256

                                                                                                                                          820724c627cfa13921ce9177e7e47b4bd865cbaafb557146ce35641d2cc61394

                                                                                                                                          SHA512

                                                                                                                                          c4fde5d33616dbf5bf6d9d79fe29a0ad95a15ebb5c210d14c4f2f99fd4f62824198a3dd2ddba77a60c2cade4cc5e4ea279eee66f33a3ddc5b3af0e4531f65321

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          391b3e9dc33ef4da8163c538177ab05a

                                                                                                                                          SHA1

                                                                                                                                          642b6f9aad2a83d1d9123eecaf3ce8dfce3bb45a

                                                                                                                                          SHA256

                                                                                                                                          2d1bd5b17eace1b8c0e035f3b101ae0d795a063a0db163399e294ec9f516e406

                                                                                                                                          SHA512

                                                                                                                                          71968cea0919d18bf2eebabd29ef97dc699f0149ffa8848d4847b8fdc9e938d287a3c10aac3b1a46e1adcd6d5e48f4559cf83864696c2bf215e9c99808b7baf5

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          dfeefe9cd61495f5ee8c9c4c70132594

                                                                                                                                          SHA1

                                                                                                                                          7d5c6036a71e02c2a3bd6eb6e21b628f827234a0

                                                                                                                                          SHA256

                                                                                                                                          60b37ce9a2b8068f102595524a0019b610c3798d50cce7c3d258e05aa12f5280

                                                                                                                                          SHA512

                                                                                                                                          cb238a27ffda365c12722493c087d657194c2a028e046cbeec7fb99eceed563a3cfdebfa03ddbdbc7a16f1ec09f40f90d27ec22d4a232a5c9c2bc021f711c6ab

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          MD5

                                                                                                                                          a8640c40f32f38b6331ce1be481406b1

                                                                                                                                          SHA1

                                                                                                                                          db02b7439132ed2aee55d65f4b13db2d89105e42

                                                                                                                                          SHA256

                                                                                                                                          545fc8323a483148093a1edd94c08d8cd8069637fdd51cc9c5cb62620b69b32b

                                                                                                                                          SHA512

                                                                                                                                          9c000b65b8c206a2998eb32028740b3781672e79a45b18c4130f29ccdb3e719299dd81b90d48ccabb11a58f7e51911d4a0bb8819754226f399ace592363d14a6

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          47b074f9610f9a21aa7bac3be99057ed

                                                                                                                                          SHA1

                                                                                                                                          e95c2894b96385ed433dc6e05d52b300d5f9ab03

                                                                                                                                          SHA256

                                                                                                                                          9d00072bcf8260a64da0e9eacf7ed7afb578cf8bb8f850f71050e5ec5a10530f

                                                                                                                                          SHA512

                                                                                                                                          b410ad0cc83979f8ea06d22c3166fec074ca7469db88bdbe2b4f0098723af2cd986da1607ceaf7598e5ea68a04b86c69d0495d915fa0422c24da600d2922e91c

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57caf1.TMP
                                                                                                                                          Filesize

                                                                                                                                          864B

                                                                                                                                          MD5

                                                                                                                                          825a46f4f4530bc075c773575a9c1c14

                                                                                                                                          SHA1

                                                                                                                                          2a14b194edff7f228bd0d83b82a183d6192f052a

                                                                                                                                          SHA256

                                                                                                                                          f1a9f698e5edd5cdf1347b736f752e17b65437e53ac54ffe9bcaed80a06aeb2c

                                                                                                                                          SHA512

                                                                                                                                          14ec98302370e6f110f6f33bf02a78701800038657efbcaaff8f6319eb698463837c78ed1aad378d50415daf736be56d8c86ace83f00c833bab716f6b789a0dd

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
                                                                                                                                          Filesize

                                                                                                                                          116KB

                                                                                                                                          MD5

                                                                                                                                          f70aa3fa04f0536280f872ad17973c3d

                                                                                                                                          SHA1

                                                                                                                                          50a7b889329a92de1b272d0ecf5fce87395d3123

                                                                                                                                          SHA256

                                                                                                                                          8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                                                                                                                                          SHA512

                                                                                                                                          30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                          Filesize

                                                                                                                                          16B

                                                                                                                                          MD5

                                                                                                                                          206702161f94c5cd39fadd03f4014d98

                                                                                                                                          SHA1

                                                                                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                          SHA256

                                                                                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                          SHA512

                                                                                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                                                                                                                                          Filesize

                                                                                                                                          41B

                                                                                                                                          MD5

                                                                                                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                          SHA1

                                                                                                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                          SHA256

                                                                                                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                          SHA512

                                                                                                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                                                                                                          Filesize

                                                                                                                                          16B

                                                                                                                                          MD5

                                                                                                                                          46295cac801e5d4857d09837238a6394

                                                                                                                                          SHA1

                                                                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                          SHA256

                                                                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                          SHA512

                                                                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                          MD5

                                                                                                                                          4acf132535508ae927013e3335a39b80

                                                                                                                                          SHA1

                                                                                                                                          d69a6522a8c8ffa3de9dec68e58f7fb11a8af79e

                                                                                                                                          SHA256

                                                                                                                                          72154d62f1942f12a2ae09e4c2cd81ced4f148d5235607a9174a700c63b95a44

                                                                                                                                          SHA512

                                                                                                                                          d09f16eb416db7d8d91b4c296d5a2a7613afbca4cd10489ce53ed185eaf083e3b32ae7bfeface057857128f4bb1687f00e1eed7c7115a73ffb80278cf6e1c236

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                          MD5

                                                                                                                                          ca3f027ce39f94cd9a86071edb16b2d9

                                                                                                                                          SHA1

                                                                                                                                          c0712068debbdc957c0c9257a87454062c9e32ac

                                                                                                                                          SHA256

                                                                                                                                          c9f5fa1e60b8467f4a3d6aaf4765ee09be909d1c29a0ecb5494a96afb3e30cb6

                                                                                                                                          SHA512

                                                                                                                                          0c6877c0b69d583ee7fadc565751966136edea6aa291604521a1b1fda6cd5f85da5fba92ceb40be89d74cc944e85278940b78e61f958416e351475b357cc181e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                          Filesize

                                                                                                                                          11KB

                                                                                                                                          MD5

                                                                                                                                          c9d4f460c4257e3336c6459177aa2487

                                                                                                                                          SHA1

                                                                                                                                          69896105c7bb50ab86cb0056f433a12e978718bd

                                                                                                                                          SHA256

                                                                                                                                          60ea9031243227e7d2bf5d5745b23dd8bb5289c54215170d2ad747976dfa27d3

                                                                                                                                          SHA512

                                                                                                                                          b2db10e55d1bf5210176c29abe44f9c461be232e0e6fd9b2f7ff4b770161e9373b4102dba408431b36a46fd466f06015ab0b2b0120a6335b7a199d516ea91f31

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          MD5

                                                                                                                                          987a07b978cfe12e4ce45e513ef86619

                                                                                                                                          SHA1

                                                                                                                                          22eec9a9b2e83ad33bedc59e3205f86590b7d40c

                                                                                                                                          SHA256

                                                                                                                                          f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

                                                                                                                                          SHA512

                                                                                                                                          39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                                                          Filesize

                                                                                                                                          1024KB

                                                                                                                                          MD5

                                                                                                                                          d7bffdec35cd52756d8d9f59b9cf3855

                                                                                                                                          SHA1

                                                                                                                                          cd21a96acf591c9cb48dbf50df95e5922e71bbb1

                                                                                                                                          SHA256

                                                                                                                                          9eabda7f055312d4d7dac47e6dab363cf0df8ebfd883f86c51e484dacb1b6245

                                                                                                                                          SHA512

                                                                                                                                          a302da5fafc31cdf24bd14928eef79eeced185f44e37a328029c93bb6b7fb79a1b950a7d645dd39fc52ff0f6ec7a134cf1b5af402065fbecf39aceb87e3dbc2c

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
                                                                                                                                          Filesize

                                                                                                                                          9KB

                                                                                                                                          MD5

                                                                                                                                          7050d5ae8acfbe560fa11073fef8185d

                                                                                                                                          SHA1

                                                                                                                                          5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                                          SHA256

                                                                                                                                          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                                          SHA512

                                                                                                                                          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\Browsers\Edge\EdgeCookies.txt
                                                                                                                                          Filesize

                                                                                                                                          6KB

                                                                                                                                          MD5

                                                                                                                                          665b4c3c96451bf0666013941cd745fe

                                                                                                                                          SHA1

                                                                                                                                          f5ec7f2d8d8b2fda1040635510119e2e40e10806

                                                                                                                                          SHA256

                                                                                                                                          c00ab5df121332c7c86ead08e18883b8bcfd5b0523579a8b42b44dfae48f333c

                                                                                                                                          SHA512

                                                                                                                                          e9370aee257d60b6b281c0eee9291a59036223ecb9d19d7b98de6382cc7827e6de718b490ca197c84818ef773b86fba82fb2eeb6709114278bbb3d7c7bbcfb5b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\Browsers\Edge\EdgeHistory.txt
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          f29d99eb1c19f54a8fb8fbc7c511b10a

                                                                                                                                          SHA1

                                                                                                                                          8e89578b28a348d50047ba108e59aee8a5584e6c

                                                                                                                                          SHA256

                                                                                                                                          5b120b6d88b48b0c2939bd033588e99280879567f08418b5941cf3546cc29b49

                                                                                                                                          SHA512

                                                                                                                                          b81b793bb44f1ed99f9efbc71aaf1d7d8d70f770cbd73cd830a4ed525bc2da8f924348f15e17927436584bc6803605e25fc9d133d15eaa307ac532ebb52ff20d

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\Browsers\Edge\EdgeHistory.txt
                                                                                                                                          Filesize

                                                                                                                                          5KB

                                                                                                                                          MD5

                                                                                                                                          aeebcf07b8387a54d4e3ea4d68546711

                                                                                                                                          SHA1

                                                                                                                                          fd1585ed8f2b5caee09b544da5b063f5bf05c88b

                                                                                                                                          SHA256

                                                                                                                                          cb225fc0668c363154c17349f2183b46d47ac13f8c0e8cb6b329078ef9d652a5

                                                                                                                                          SHA512

                                                                                                                                          d974b5bb0d1e4ebea3627504140202bae0ab000bcd03c6bfa9f20fedb5096b4c7e64526e0b7e314eaf2f200590dbfccae9e7dded04ac2fa6a1ac967e428ff940

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\Browsers\Firefox\FirefoxBookmarks.txt
                                                                                                                                          Filesize

                                                                                                                                          210B

                                                                                                                                          MD5

                                                                                                                                          1267f4be35fbe5510886cf08ddee9fdd

                                                                                                                                          SHA1

                                                                                                                                          04e714a1c8a9d76e860c7cbbe7ebf62c71dea6b9

                                                                                                                                          SHA256

                                                                                                                                          ab038447adbfd1faf46f0d3bf6dc387621dc8435ab552696ec8d9bbe7a6a9ab3

                                                                                                                                          SHA512

                                                                                                                                          6f1bc0ad9eb850f37cddc2422e738f0cbbfe8a7a7e064c0c989cafbf0f7d5ae5bdfced4b3f93952688de3bfa338ff5a8c7258aff8397cdaccb36b23b5d16686b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                                                                          Filesize

                                                                                                                                          331B

                                                                                                                                          MD5

                                                                                                                                          6797a7671a3a55a950133a86b1353e1d

                                                                                                                                          SHA1

                                                                                                                                          4ff4b95d79c0f82012e95f99b61f3a6a4872021a

                                                                                                                                          SHA256

                                                                                                                                          98ca144862d9e71218af08e215373198e3f5390458495a9b63eb68647d0a42a8

                                                                                                                                          SHA512

                                                                                                                                          5ab8fb396406494bedb5bfff393c65fd16c06d847fbcff792453cc13618d633126342822293e17b7200c0335f436d9b48307aeda7df0f74a172fd69d48d45730

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                                                                          Filesize

                                                                                                                                          64B

                                                                                                                                          MD5

                                                                                                                                          0a4cfcbc6e68a68e3535e578dc1aff97

                                                                                                                                          SHA1

                                                                                                                                          3c12bcf3da4ebed67333fb2b772b425985f28390

                                                                                                                                          SHA256

                                                                                                                                          897e684afe6e516ea44156c4bfc95428900d12b40f5baa2975afbb78735a2e02

                                                                                                                                          SHA512

                                                                                                                                          3f5be30a5dc06268d7e4af4ffd74b53c4dbf9cf616ed5ba73c8a2b50241d1e3ea30650fc5277a208e65aeb47616320d1640a1a893709d487a137b156f278e885

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\181.215.176.83\System\Process.txt
                                                                                                                                          Filesize

                                                                                                                                          153B

                                                                                                                                          MD5

                                                                                                                                          77ef6dab22af99d3b72f73017a5d6e0f

                                                                                                                                          SHA1

                                                                                                                                          6bde2ca5483435c0594879e25180eb08200f3549

                                                                                                                                          SHA256

                                                                                                                                          5162f19cc2871814ea662f677cba58fd8e39bee797cb6493679a6e726e52e11b

                                                                                                                                          SHA512

                                                                                                                                          db34b9c206dc2241aa49cdc99f8c5a9a5eaf7a601255a0c9e661576b39e2908e01780b8f218da454aec30194e2a5569c8770361f3e571b5263cf5c345d940707

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          ca642bdd70772d36cc06435dcafb734f

                                                                                                                                          SHA1

                                                                                                                                          56dc49ef30e7c9a0331d228a480e4985ac549d9d

                                                                                                                                          SHA256

                                                                                                                                          7bbfed2f537383e75b8747dff2a98e4c1ae04aa9cf7b40b75c3e25b75c7fd66b

                                                                                                                                          SHA512

                                                                                                                                          4ec28911ff496a8f07945b9c5999206ee7fbe9872414d6a6c98851d2c089bea5aa8993be9aff318cfff5dfeb676e3d69b9a595c32ce6bfeb3160f4f014d63267

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          9a5879c7279af192a81212f6b443b56a

                                                                                                                                          SHA1

                                                                                                                                          ce68e99e22a4cae1770c6ebbc6a263445fbccef3

                                                                                                                                          SHA256

                                                                                                                                          945afd062ce30eb317ea18d347d665fc2538b7b2bc6eee7dab381c39f1d773ce

                                                                                                                                          SHA512

                                                                                                                                          d7d3ed2d3b08485bed6ab2fdad2d8bde435647819f209b1e0c3e7a553b3f4204819d50e890e2169df67be05faa116255bf2216c84cf1823398c7c6c9f8284f66

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          2d2ade81b25f3a81350e95d1e923de89

                                                                                                                                          SHA1

                                                                                                                                          27918b2d59692a64530f80ea8ef71238583a7d5b

                                                                                                                                          SHA256

                                                                                                                                          9bdc9f784dfa195fa338981f5cfa4c95b0c582c88e2b48bb803c3e4b2b324636

                                                                                                                                          SHA512

                                                                                                                                          1c21e9e32cfca46370e67f4ee95a8d97f6c1c8ed41fe7a4e6fb49e303ee1c6433cd9e813ddab19b195888d4c3d46420f18ca93c1b1de37a015b01d63b1a4889b

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          6ab83b101a1a0f50be20280c7d187b18

                                                                                                                                          SHA1

                                                                                                                                          8bb119a6eebd69149b59ef30b0743462158e75b5

                                                                                                                                          SHA256

                                                                                                                                          cf8a3e902921777223ccd2c90b17de2c0815c5f43cda178bf2f30f78d5c75439

                                                                                                                                          SHA512

                                                                                                                                          5f597c833a6fd08ba43334d6e1f3138628b0c221cc0005702fb68f4a9f74e508871ce4bf1ef2d901f0445e62e30c4eb6c1caa8dd999742b901573f70aff67ed7

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                          Filesize

                                                                                                                                          3KB

                                                                                                                                          MD5

                                                                                                                                          fad37ec355a9a6e1bc2b7590f31e028e

                                                                                                                                          SHA1

                                                                                                                                          d6413d2238bddd4391366a448094ea898689ad80

                                                                                                                                          SHA256

                                                                                                                                          78fbaee8300c316af53fd9fb0bb556b86b3680aed68bdead18e0503b6bb4b03f

                                                                                                                                          SHA512

                                                                                                                                          84f7607af53fa0cfea75d2a13e41e2159da151c219c77b92bf4315d4cec39951c90ba730c815e983b480aa6984bb9a1884eda6a84a2ab66e7ea41365720ca5bf

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Roaming\ZeroStubWebHook.exe
                                                                                                                                          Filesize

                                                                                                                                          574KB

                                                                                                                                          MD5

                                                                                                                                          52d3b380b804b07b8d3065be7459b550

                                                                                                                                          SHA1

                                                                                                                                          053131c23ec7902f0d5a6bf98db0f1fc30827c40

                                                                                                                                          SHA256

                                                                                                                                          ac04a853e85e89882700beb61c68db5aa972a73cd1b19693938581e9d9610d79

                                                                                                                                          SHA512

                                                                                                                                          6021523f095503640dc7069e6beab3147a9b5e8457b3151be9bb3e1b1bbf2ef0f1bffb42f4abfba4f5a5bfa9d851b23ca77e32e8bf892446287f5891fc7d2b7e

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                                                          Filesize

                                                                                                                                          574KB

                                                                                                                                          MD5

                                                                                                                                          f0893a3f89dc91ca9650a285ae2422d0

                                                                                                                                          SHA1

                                                                                                                                          83abe23492d6a63a8de2cdbd6d959aed40090cb9

                                                                                                                                          SHA256

                                                                                                                                          4cf7ea2e6eec47ac72bd08eb9ad05ef8a9e797cc3c2ae5629fc19cf41ccd279f

                                                                                                                                          SHA512

                                                                                                                                          2ca76926897c063055e3dd075e0426793ebd933fd6adb92ce85c67485c022ffd1f99c71f0eeb0d215b4c90972bd47f73aef8c23910551d25bf0e3a9084dec141

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\Build.exe
                                                                                                                                          Filesize

                                                                                                                                          574KB

                                                                                                                                          MD5

                                                                                                                                          dd61b7e2454d4e9c69c642e2e29148fb

                                                                                                                                          SHA1

                                                                                                                                          aca3cab2db8ff3221a575ab0d086e233cefda07f

                                                                                                                                          SHA256

                                                                                                                                          61b552b0a97557778866bba856ec259c9c204e669393d8a2f4b57f87b2a4f54e

                                                                                                                                          SHA512

                                                                                                                                          419549e8d31e2f4a4ce4e8733d082ab11175b787f6d1be5e62244f9ed4ba78b5553c2d5e10d4873d17351ded5b21e63ccd932c4ef8e10e93ba1868c66f8de7dd

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe
                                                                                                                                          Filesize

                                                                                                                                          44.0MB

                                                                                                                                          MD5

                                                                                                                                          e12a9756340e3deefa10418a32ba0f74

                                                                                                                                          SHA1

                                                                                                                                          e2410cdd75a5d7c9db63c97804b1e153e7e6e42c

                                                                                                                                          SHA256

                                                                                                                                          7de54534590bddd9a0076f8a45bf558e66df42b7c15fe7c367956c9fea92d8fe

                                                                                                                                          SHA512

                                                                                                                                          db863ce7a5b81317f12c24b7d310692c29e017e82af5b2a9de2c2fd4d6c95b7a68e5624f60be9233d57a77ce11e39f0e7a3b08403e787d20bef21f747b709b91

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\Desktop\ZeroTrace Stealer 2.0.0.0\ZeroTrace Stealer.exe.config
                                                                                                                                          Filesize

                                                                                                                                          1KB

                                                                                                                                          MD5

                                                                                                                                          d6580e30f9677b44b8533d65499d1273

                                                                                                                                          SHA1

                                                                                                                                          2a977e5f66f5017c4b25309650e830df46412ae0

                                                                                                                                          SHA256

                                                                                                                                          1b7568f2437f88ec3fb1e71bd73d9c293a8f7fcf6c96e84a7525cecf55d562e7

                                                                                                                                          SHA512

                                                                                                                                          7e71e9ee7e79f4bec97fc1e964b2fd9a96a60855f6020b4389861382457f7b7d570704be1e9cc894d4a644049fabd8cc1266976bce2d746b246a3cd583400945

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\Downloads\ZeroTrace.Stealer.2.0.0.0.rar
                                                                                                                                          Filesize

                                                                                                                                          42.5MB

                                                                                                                                          MD5

                                                                                                                                          b234f99182890d1e5f09d882f0211b93

                                                                                                                                          SHA1

                                                                                                                                          9d3f59acd590bc495735b5a4846d4361fcff7d5e

                                                                                                                                          SHA256

                                                                                                                                          e6688c79fd4af71894a3c8acad12b202be28aa01d76fc1e119f9806dec6857d1

                                                                                                                                          SHA512

                                                                                                                                          1b891cfafff1f4d190c4f7b91cc4d25370d914d6900674e95ba02ed63082e132c623baf49d13395a6cdb2778e3d16fb086d7e93e32185b19c6bad629351bff39

                                                                                                                                          Download Submit

                                                                                                                                        • memory/1068-879-0x0000000000130000-0x00000000001C6000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          600KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-924-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-922-0x0000000007FC0000-0x0000000007FD0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-929-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-930-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-926-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-928-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-927-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-923-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/2464-925-0x0000000007510000-0x0000000007520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          64KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-831-0x00000000125D0000-0x0000000012DCA000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          8.0MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-832-0x00000000080C0000-0x00000000081DA000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          1.1MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-820-0x000000000A040000-0x000000000A0D2000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          584KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-857-0x000000000B360000-0x000000000B3C0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          384KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-837-0x000000000F110000-0x000000000F130000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-836-0x0000000011E00000-0x000000001232C000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          5.2MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-819-0x000000000F240000-0x00000000105D4000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          19.6MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-834-0x0000000008280000-0x0000000008380000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          1024KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-833-0x000000000D240000-0x000000000E7D6000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          21.6MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-821-0x000000000A0E0000-0x000000000A656000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          5.5MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-835-0x000000000ED70000-0x000000000ED7A000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          40KB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-816-0x0000000000700000-0x0000000003304000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          44.0MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-817-0x00000000085D0000-0x0000000008B76000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          5.6MB

                                                                                                                                          Download

                                                                                                                                        • memory/3068-818-0x000000000AB80000-0x000000000B23C000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          6.7MB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1394-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1395-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1396-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1397-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1398-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1399-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1400-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1389-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1390-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3792-1388-0x0000023889940000-0x0000023889941000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4684-869-0x00000000066A0000-0x0000000006706000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          408KB

                                                                                                                                          Download

                                                                                                                                        • memory/4684-868-0x0000000004C80000-0x0000000004E42000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          1.8MB

                                                                                                                                          Download

                                                                                                                                        • memory/4684-867-0x00000000000F0000-0x0000000000186000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          600KB

                                                                                                                                          Download