Overview

overview

10

Static

static

6

HappyMod-3-1-5.apk

windows10-ltsc 2021-x64

Resubmissions

01-02-2025 01:48

250201-b8brfasrfj 8

31-01-2025 22:56

250131-2w1sxayqey 10

Analysis

  • max time kernel
    1073s
  • max time network
    1074s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    31-01-2025 22:56

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    HappyMod-3-1-5.apk

  • Size

    17.4MB

  • MD5

    0ef4f4f011c3e16e18b18584d2f40393

  • SHA1

    d4a1292884579509009f85fbe480e819f4e103a9

  • SHA256

    a7e864470fc10ae55241364ce076007552af9673177e15caf4c20062bfc7339a

  • SHA512

    a85a12907e4a3b5bae1d80771817798c123688c2b4fc1945efdb65ff9d1ad4168186add6c55ae4ade9a969c9e0f67cab2672031aafbaca76386e74357211636b

  • SSDEEP

    393216:zp0TcbMT8whcEb7NqnKdzbspDNx4GhY6qqoe2w+FCropPvAUqfE:zacQTvcEUnKRwMGm6qqf0CkpQUqfE

Score
10/10
mimikatztroldeshwannacrybootkitdefense_evasiondiscoveryevasionexecutionimpactpersistenceprivilege_escalationransomwarespywarestealertrojanupxworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Troldesh family
    troldesh
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Disables RegEdit via registry modification 2 IoCs
    defense_evasion
  • Disables Task Manager via registry modification
    defense_evasion
  • Disables use of System Restore points 1 TTPs
    defense_evasion
  • Downloads MZ/PE file 8 IoCs
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    defense_evasion
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 8 IoCs
  • Executes dropped EXE 53 IoCs
  • Loads dropped DLL 9 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 9 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Enumerates processes with tasklist 1 TTPs 4 IoCs
    discovery
  • Sets desktop wallpaper using registry 2 TTPs 4 IoCs
    ransomware
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 55 IoCs
  • Drops file in Windows directory 15 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 48 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Interacts with shadow copies 3 TTPs 4 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 6 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Runs regedit.exe 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 11 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\HappyMod-3-1-5.apk
    1⤵
    • Modifies registry class
    PID:3208
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1404
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xdc,0x134,0x7ff8b16c46f8,0x7ff8b16c4708,0x7ff8b16c4718
      2⤵
        PID:4184
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:4584
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:4556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:2648
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
            2⤵
              PID:5012
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
              2⤵
                PID:3104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
                2⤵
                  PID:4524
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                  2⤵
                    PID:4712
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
                    2⤵
                      PID:2068
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5068
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                      2⤵
                        PID:4572
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
                        2⤵
                          PID:2196
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
                          2⤵
                            PID:3228
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                            2⤵
                              PID:64
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                              2⤵
                                PID:3452
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                2⤵
                                  PID:4688
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                  2⤵
                                    PID:4128
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                                    2⤵
                                      PID:2116
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
                                      2⤵
                                        PID:2772
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5460 /prefetch:8
                                        2⤵
                                          PID:2080
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                                          2⤵
                                            PID:2392
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
                                            2⤵
                                              PID:3052
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:1300
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2196 /prefetch:8
                                              2⤵
                                                PID:3484
                                              • C:\Users\Admin\Downloads\$uckyLocker.exe
                                                "C:\Users\Admin\Downloads\$uckyLocker.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Sets desktop wallpaper using registry
                                                • System Location Discovery: System Language Discovery
                                                PID:1048
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4348
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
                                                2⤵
                                                  PID:1832
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3440
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 /prefetch:8
                                                  2⤵
                                                    PID:2064
                                                  • C:\Users\Admin\Downloads\CryptoWall.exe
                                                    "C:\Users\Admin\Downloads\CryptoWall.exe"
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: MapViewOfSection
                                                    PID:4616
                                                    • C:\Windows\SysWOW64\explorer.exe
                                                      "C:\Windows\syswow64\explorer.exe"
                                                      3⤵
                                                      • Drops startup file
                                                      • Adds Run key to start application
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: MapViewOfSection
                                                      PID:3108
                                                      • C:\Windows\SysWOW64\svchost.exe
                                                        -k netsvcs
                                                        4⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2200
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
                                                    2⤵
                                                      PID:1200
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
                                                      2⤵
                                                        PID:4900
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
                                                        2⤵
                                                          PID:2500
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                                          2⤵
                                                            PID:2380
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                                                            2⤵
                                                              PID:1068
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
                                                              2⤵
                                                                PID:2112
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:2464
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6832 /prefetch:8
                                                                2⤵
                                                                  PID:808
                                                                • C:\Users\Admin\Downloads\NotPetya.exe
                                                                  "C:\Users\Admin\Downloads\NotPetya.exe"
                                                                  2⤵
                                                                  • Checks computer location settings
                                                                  • Executes dropped EXE
                                                                  • Drops file in Windows directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:1664
                                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                                    "C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #1
                                                                    3⤵
                                                                    • Loads dropped DLL
                                                                    • Writes to the Master Boot Record (MBR)
                                                                    • Drops file in Program Files directory
                                                                    • Drops file in Windows directory
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:2492
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      /c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 00:05
                                                                      4⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:2332
                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                        schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 00:05
                                                                        5⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Scheduled Task/Job: Scheduled Task
                                                                        PID:5064
                                                                    • C:\Users\Admin\AppData\Local\Temp\C904.tmp
                                                                      "C:\Users\Admin\AppData\Local\Temp\C904.tmp" \\.\pipe\{FD46D1C7-1685-4777-A2EC-D1B03BA95AF3}
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:4676
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
                                                                  2⤵
                                                                    PID:1988
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:384
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4156 /prefetch:8
                                                                    2⤵
                                                                      PID:652
                                                                    • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                      "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:2464
                                                                    • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                      "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:2116
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                                                                      2⤵
                                                                        PID:1756
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:324
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
                                                                        2⤵
                                                                          PID:3028
                                                                        • C:\Users\Admin\Downloads\Seftad.exe
                                                                          "C:\Users\Admin\Downloads\Seftad.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:2076
                                                                        • C:\Users\Admin\Downloads\Seftad.exe
                                                                          "C:\Users\Admin\Downloads\Seftad.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:3880
                                                                        • C:\Users\Admin\Downloads\Seftad.exe
                                                                          "C:\Users\Admin\Downloads\Seftad.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:4440
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                                                          2⤵
                                                                            PID:4712
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                                                                            2⤵
                                                                              PID:4168
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                                                                              2⤵
                                                                                PID:1840
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:3156
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4248 /prefetch:8
                                                                                2⤵
                                                                                  PID:4952
                                                                                • C:\Users\Admin\Downloads\SporaRansomware.exe
                                                                                  "C:\Users\Admin\Downloads\SporaRansomware.exe"
                                                                                  2⤵
                                                                                  • Checks computer location settings
                                                                                  • Drops startup file
                                                                                  • Executes dropped EXE
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:1412
                                                                                  • C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                    "C:\Windows\System32\wbem\WMIC.exe" process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
                                                                                    3⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:2868
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\USCE1-50FTX-TZTXH-THTOY.HTML
                                                                                    3⤵
                                                                                      PID:2968
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ff8b16c46f8,0x7ff8b16c4708,0x7ff8b16c4718
                                                                                        4⤵
                                                                                          PID:4544
                                                                                    • C:\Users\Admin\Downloads\SporaRansomware.exe
                                                                                      "C:\Users\Admin\Downloads\SporaRansomware.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:1484
                                                                                    • C:\Users\Admin\Downloads\SporaRansomware.exe
                                                                                      "C:\Users\Admin\Downloads\SporaRansomware.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:1448
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                                                                      2⤵
                                                                                        PID:4640
                                                                                      • C:\Users\Admin\Downloads\SporaRansomware.exe
                                                                                        "C:\Users\Admin\Downloads\SporaRansomware.exe"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:4756
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
                                                                                        2⤵
                                                                                          PID:3868
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4744
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
                                                                                            2⤵
                                                                                              PID:4596
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
                                                                                              2⤵
                                                                                                PID:1840
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:1572
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
                                                                                                  2⤵
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:1908
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,1326640918424536927,1931893015433712414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:2092
                                                                                                  • C:\Users\Admin\Downloads\WannaCrypt0r.exe
                                                                                                    "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
                                                                                                    2⤵
                                                                                                    • Drops startup file
                                                                                                    • Executes dropped EXE
                                                                                                    • Sets desktop wallpaper using registry
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:444
                                                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                                                      attrib +h .
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Views/modifies file attributes
                                                                                                      PID:824
                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                      icacls . /grant Everyone:F /T /C /Q
                                                                                                      3⤵
                                                                                                      • Modifies file permissions
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:1244
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:2956
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /c 294021738364656.bat
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:2244
                                                                                                      • C:\Windows\SysWOW64\cscript.exe
                                                                                                        cscript.exe //nologo m.vbs
                                                                                                        4⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:1724
                                                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                                                      attrib +h +s F:\$RECYCLE
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Views/modifies file attributes
                                                                                                      PID:760
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected] co
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5704
                                                                                                      • C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
                                                                                                        TaskData\Tor\taskhsvc.exe
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:5860
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      cmd.exe /c start /b @[email protected] vs
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:5712
                                                                                                      • C:\Users\Admin\Downloads\@[email protected]
                                                                                                        @[email protected] vs
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                        PID:5768
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                          5⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          PID:6100
                                                                                                          • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                            wmic shadowcopy delete
                                                                                                            6⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            PID:6140
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5260
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:5264
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5296
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dsxnqkpkvohg918" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                                      3⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:5272
                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dsxnqkpkvohg918" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                                        4⤵
                                                                                                        • Adds Run key to start application
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        • Modifies registry key
                                                                                                        PID:5384
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5568
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5460
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5552
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1908
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4756
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:3684
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5828
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5988
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5976
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1248
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:1108
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:540
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4224
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:3288
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4756
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:460
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:4264
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5384
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:348
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:3452
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4324
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5632
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5888
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4028
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1252
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:6092
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1164
                                                                                                    • C:\Users\Admin\Downloads\taskse.exe
                                                                                                      taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:896
                                                                                                    • C:\Users\Admin\Downloads\@[email protected]
                                                                                                      @[email protected]
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:5068
                                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:876
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:5020
                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:3288
                                                                                                    • C:\Windows\system32\taskmgr.exe
                                                                                                      "C:\Windows\system32\taskmgr.exe" /0
                                                                                                      1⤵
                                                                                                        PID:4488
                                                                                                      • C:\Windows\SysWOW64\mshta.exe
                                                                                                        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\WriteUnblock.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                                                        1⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:4368
                                                                                                      • C:\Windows\SysWOW64\werfault.exe
                                                                                                        werfault.exe /h /shared Global\558657df909443ad9509930b6ebf0d70 /t 3812 /p 4368
                                                                                                        1⤵
                                                                                                          PID:2920
                                                                                                        • C:\Windows\System32\NOTEPAD.EXE
                                                                                                          "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\bat.bat
                                                                                                          1⤵
                                                                                                          • Opens file in notepad (likely ransom note)
                                                                                                          PID:2244
                                                                                                        • C:\Windows\System32\cmd.exe
                                                                                                          "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\bat.bat"
                                                                                                          1⤵
                                                                                                            PID:1784
                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                              cmd.exe
                                                                                                              2⤵
                                                                                                                PID:3148
                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                  tasklist
                                                                                                                  3⤵
                                                                                                                  • Enumerates processes with tasklist
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:2896
                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                  taskkill /F $uckyLocker.exe
                                                                                                                  3⤵
                                                                                                                  • Kills process with taskkill
                                                                                                                  PID:4876
                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                  taskkill /F /IM $uckyLocker.exe
                                                                                                                  3⤵
                                                                                                                  • Kills process with taskkill
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:3464
                                                                                                            • C:\Windows\system32\taskmgr.exe
                                                                                                              "C:\Windows\system32\taskmgr.exe" /0
                                                                                                              1⤵
                                                                                                                PID:4536
                                                                                                              • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                                                                C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                                                                1⤵
                                                                                                                • Drops file in Windows directory
                                                                                                                PID:2140
                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                                C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                                1⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:1340
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                "C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
                                                                                                                1⤵
                                                                                                                  PID:4028
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                  1⤵
                                                                                                                    PID:4188
                                                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                                                    "C:\Windows\system32\taskmgr.exe" /0
                                                                                                                    1⤵
                                                                                                                      PID:4028
                                                                                                                    • C:\Windows\system32\taskmgr.exe
                                                                                                                      "C:\Windows\system32\taskmgr.exe" /0
                                                                                                                      1⤵
                                                                                                                        PID:2092
                                                                                                                      • C:\Windows\system32\mmc.exe
                                                                                                                        "C:\Windows\system32\mmc.exe" C:\Windows\system32\gpedit.msc
                                                                                                                        1⤵
                                                                                                                        • Drops file in System32 directory
                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:1412
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
                                                                                                                        1⤵
                                                                                                                        • Process spawned unexpected child process
                                                                                                                        PID:1704
                                                                                                                        • C:\Windows\system32\vssadmin.exe
                                                                                                                          vssadmin.exe delete shadows /all /quiet
                                                                                                                          2⤵
                                                                                                                          • Interacts with shadow copies
                                                                                                                          PID:3964
                                                                                                                        • C:\Windows\system32\bcdedit.exe
                                                                                                                          bcdedit.exe /set {default} recoveryenabled no
                                                                                                                          2⤵
                                                                                                                          • Modifies boot configuration data using bcdedit
                                                                                                                          PID:3136
                                                                                                                        • C:\Windows\system32\bcdedit.exe
                                                                                                                          bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
                                                                                                                          2⤵
                                                                                                                          • Modifies boot configuration data using bcdedit
                                                                                                                          PID:2068
                                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:2404
                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:3440
                                                                                                                      • C:\Users\Admin\Desktop\@[email protected]
                                                                                                                        "C:\Users\Admin\Desktop\@[email protected]"
                                                                                                                        1⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Sets desktop wallpaper using registry
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:2976
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\bat.bat" "
                                                                                                                        1⤵
                                                                                                                          PID:5360
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\bat.bat" "
                                                                                                                          1⤵
                                                                                                                            PID:5464
                                                                                                                          • C:\Windows\System32\cmd.exe
                                                                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\bat.bat"
                                                                                                                            1⤵
                                                                                                                              PID:5456
                                                                                                                            • C:\Windows\system32\mspaint.exe
                                                                                                                              "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                              1⤵
                                                                                                                              • Drops file in Windows directory
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                              PID:5304
                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                                                                                                                              1⤵
                                                                                                                                PID:224
                                                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                "C:\Windows\system32\NOTEPAD.EXE" /p C:\Users\Admin\Desktop\New Text Document.txt
                                                                                                                                1⤵
                                                                                                                                • Modifies registry class
                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1752
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                                                                1⤵
                                                                                                                                  PID:3900
                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                                                                                                  1⤵
                                                                                                                                    PID:2040
                                                                                                                                  • C:\Windows\System32\SystemSettingsBroker.exe
                                                                                                                                    C:\Windows\System32\SystemSettingsBroker.exe -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:5220
                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                      1⤵
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:5936
                                                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
                                                                                                                                      1⤵
                                                                                                                                      • Drops startup file
                                                                                                                                      • Modifies registry class
                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                      PID:3936
                                                                                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\@[email protected]
                                                                                                                                        2⤵
                                                                                                                                          PID:5552
                                                                                                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\@[email protected]
                                                                                                                                          2⤵
                                                                                                                                            PID:5672
                                                                                                                                          • C:\Windows\System32\NOTEPAD.EXE
                                                                                                                                            "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskkill.bat
                                                                                                                                            2⤵
                                                                                                                                            • Drops startup file
                                                                                                                                            PID:1752
                                                                                                                                          • C:\Windows\System32\cmd.exe
                                                                                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskkill.bat"
                                                                                                                                            2⤵
                                                                                                                                              PID:6048
                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                cmd.exe
                                                                                                                                                3⤵
                                                                                                                                                  PID:4132
                                                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                                                    tasklist
                                                                                                                                                    4⤵
                                                                                                                                                    • Enumerates processes with tasklist
                                                                                                                                                    PID:2388
                                                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                                                    tasklist
                                                                                                                                                    4⤵
                                                                                                                                                    • Enumerates processes with tasklist
                                                                                                                                                    PID:6024
                                                                                                                                              • C:\Windows\System32\NOTEPAD.EXE
                                                                                                                                                "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Text adaDocument.bat
                                                                                                                                                2⤵
                                                                                                                                                • Drops startup file
                                                                                                                                                PID:928
                                                                                                                                              • C:\Windows\System32\cmd.exe
                                                                                                                                                "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Text adaDocument.bat"
                                                                                                                                                2⤵
                                                                                                                                                  PID:5944
                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                    cmd.exe
                                                                                                                                                    3⤵
                                                                                                                                                      PID:4768
                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                        cmd.exe
                                                                                                                                                        4⤵
                                                                                                                                                          PID:6100
                                                                                                                                                    • C:\Windows\System32\NOTEPAD.EXE
                                                                                                                                                      "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Text adaDocument.bat
                                                                                                                                                      2⤵
                                                                                                                                                        PID:4892
                                                                                                                                                      • C:\Windows\System32\cmd.exe
                                                                                                                                                        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\New Text adaDocument.bat"
                                                                                                                                                        2⤵
                                                                                                                                                          PID:4948
                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                            cmd.exe
                                                                                                                                                            3⤵
                                                                                                                                                              PID:6072
                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                tasklist
                                                                                                                                                                4⤵
                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                PID:2128
                                                                                                                                                          • C:\Windows\System32\NOTEPAD.EXE
                                                                                                                                                            "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\New Text adaDocument.bat
                                                                                                                                                            2⤵
                                                                                                                                                              PID:6028
                                                                                                                                                            • C:\Windows\System32\cmd.exe
                                                                                                                                                              "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\New Text adaDocument.bat"
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4696
                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                  Taskkill /F /IM @[email protected]
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                  PID:1908
                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                  Taskkill /F /IM @[email protected]
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                  PID:4364
                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                  Taskkill /F /IM NoMoreRansom.exe
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                  PID:3708
                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                  Taskkill /F /IM WannaCrypt0r.exe
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                  PID:1904
                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                              "C:\Windows\system32\cmd.exe"
                                                                                                                                                              1⤵
                                                                                                                                                                PID:1172
                                                                                                                                                                • C:\Windows\system32\Dism.exe
                                                                                                                                                                  DISM Repair
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                  PID:4804
                                                                                                                                                                • C:\Windows\system32\Dism.exe
                                                                                                                                                                  DISM
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                  PID:3636
                                                                                                                                                              • C:\Windows\system32\mspaint.exe
                                                                                                                                                                "C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
                                                                                                                                                                1⤵
                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                PID:5304
                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:1048
                                                                                                                                                                • C:\Windows\system32\mspaint.exe
                                                                                                                                                                  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\@[email protected]"
                                                                                                                                                                  1⤵
                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  PID:5460
                                                                                                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:5920
                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                      PID:3156
                                                                                                                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2140 -parentBuildID 20240401114208 -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 21586 -prefMapSize 241423 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3acff196-29e0-47e7-8b85-2b7b30f48414} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" gpu
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:2364
                                                                                                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2488 -parentBuildID 20240401114208 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 21586 -prefMapSize 241423 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c094ab-29ff-44fd-9d58-d3529b902ba2} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" socket
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                          PID:4672
                                                                                                                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1060 -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2912 -prefsLen 21474 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f7cd28-0c06-4ee6-8d33-349f931ea0ac} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:3836
                                                                                                                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 24022 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e118c6-a3a4-4a4d-b5dd-287cc9a7d7f1} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:4056
                                                                                                                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4440 -childID 3 -isForBrowser -prefsHandle 1824 -prefMapHandle 4460 -prefsLen 29575 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {758048bb-5953-494c-a9e0-d0d2cf38dbba} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:5104
                                                                                                                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5176 -prefMapHandle 5228 -prefsLen 30680 -prefMapSize 241423 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df4dbb36-a5d4-4a73-bd1d-6d2536c5e826} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" utility
                                                                                                                                                                                3⤵
                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                PID:5680
                                                                                                                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -parentBuildID 20240401114208 -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 30680 -prefMapSize 241423 -appDir "C:\Program Files\Mozilla Firefox\browser" - {686fc3d6-6df3-4191-ba68-1852979934a9} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" rdd
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:5968
                                                                                                                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -childID 4 -isForBrowser -prefsHandle 3528 -prefMapHandle 1580 -prefsLen 29114 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b0ef56-ae23-4df0-aa20-ba5e93d5270c} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:4148
                                                                                                                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5808 -prefsLen 29114 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad5d569e-a7d0-4308-bd8d-0034d0757cd9} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:3828
                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6044 -prefsLen 29114 -prefMapSize 241423 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf87c1e-7742-40e4-81e4-055843ed72ee} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:3796
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                    • Modifies data under HKEY_USERS
                                                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                    PID:4440
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1dc,0x22c,0x7ff8bae4cc40,0x7ff8bae4cc4c,0x7ff8bae4cc58
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:5780
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2200,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2196 /prefetch:2
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:1640
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2236 /prefetch:3
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:1840
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1960,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2344 /prefetch:8
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:5204
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3136 /prefetch:1
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:4324
                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3184 /prefetch:1
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:5772
                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3852,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4608 /prefetch:1
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:4428
                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4924 /prefetch:8
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:2868
                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5008 /prefetch:8
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:2772
                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5220,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4872 /prefetch:1
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:3964
                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3540,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5288 /prefetch:1
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:4536
                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3484 /prefetch:1
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                              PID:5844
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5400,i,16203601396373644715,2797672597565073918,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5372 /prefetch:1
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:2400
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:1016
                                                                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:4820
                                                                                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:1788
                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                                                    PID:2976
                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8b16c46f8,0x7ff8b16c4708,0x7ff8b16c4718
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:5240
                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:2944
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                          • Downloads MZ/PE file
                                                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                          PID:2868
                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:5040
                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:3796
                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                PID:6008
                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:4548
                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                    PID:5552
                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                      PID:6108
                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                        PID:6128
                                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                          PID:5784
                                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                            PID:3748
                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:5484
                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:5648
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                  PID:4640
                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                    PID:5664
                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                      PID:4732
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                        PID:4028
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6196 /prefetch:8
                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                          PID:5404
                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                            PID:3636
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                              PID:1232
                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                PID:3580
                                                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:5224
                                                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\RedEye.exe
                                                                                                                                                                                                                                                                  "C:\Users\Admin\Downloads\RedEye.exe"
                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                  • Modifies Windows Defender DisableAntiSpyware settings
                                                                                                                                                                                                                                                                  • Modifies Windows Defender Real-time Protection settings
                                                                                                                                                                                                                                                                  • UAC bypass
                                                                                                                                                                                                                                                                  • Disables RegEdit via registry modification
                                                                                                                                                                                                                                                                  • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                                                                                                                                                  • Drops autorun.inf file
                                                                                                                                                                                                                                                                  • Sets desktop wallpaper using registry
                                                                                                                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                                                                                                                  • System policy modification
                                                                                                                                                                                                                                                                  PID:1836
                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                                                                                    PID:1280
                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                                                                                    PID:5460
                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                                                                                                                                                                                    vssadmin delete shadows /all /quiet
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                    • Interacts with shadow copies
                                                                                                                                                                                                                                                                    PID:3112
                                                                                                                                                                                                                                                                  • C:\Windows\SYSTEM32\NetSh.exe
                                                                                                                                                                                                                                                                    NetSh Advfirewall set allprofiles state off
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                                                    PID:928
                                                                                                                                                                                                                                                                  • C:\Windows\System32\shutdown.exe
                                                                                                                                                                                                                                                                    "C:\Windows\System32\shutdown.exe" -r -t 00 -f
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                      PID:2480
                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1854616920489537147,5413275089300183409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                      PID:5232
                                                                                                                                                                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:652
                                                                                                                                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:1704
                                                                                                                                                                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:1836
                                                                                                                                                                                                                                                                        • C:\Windows\regedit.exe
                                                                                                                                                                                                                                                                          "C:\Windows\regedit.exe"
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                          • Runs regedit.exe
                                                                                                                                                                                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                          PID:1640
                                                                                                                                                                                                                                                                        • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                          C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:656
                                                                                                                                                                                                                                                                          • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                                                                                            "LogonUI.exe" /flags:0x4 /state0:0xa3904055 /state1:0x41c64e6d
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                                                                                                                                            PID:6088

                                                                                                                                                                                                                                                                          Network

                                                                                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                          Reconnaissance

                                                                                                                                                                                                                                                                          Resource Development

                                                                                                                                                                                                                                                                          Initial Access

                                                                                                                                                                                                                                                                          Replication Through Removable Media

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1091

                                                                                                                                                                                                                                                                          Execution

                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                          Windows Management Instrumentation

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1047

                                                                                                                                                                                                                                                                          Persistence

                                                                                                                                                                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1547

                                                                                                                                                                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1547.001

                                                                                                                                                                                                                                                                          Create or Modify System Process

                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                          T1543

                                                                                                                                                                                                                                                                          Windows Service

                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                          T1543.003

                                                                                                                                                                                                                                                                          Event Triggered Execution

                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                          T1546

                                                                                                                                                                                                                                                                          Image File Execution Options Injection

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1546.012

                                                                                                                                                                                                                                                                          Netsh Helper DLL

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1546.007

                                                                                                                                                                                                                                                                          Pre-OS Boot

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1542

                                                                                                                                                                                                                                                                          Bootkit

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1542.003

                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                          Privilege Escalation

                                                                                                                                                                                                                                                                          Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1548

                                                                                                                                                                                                                                                                          Bypass User Account Control

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1548.002

                                                                                                                                                                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1547

                                                                                                                                                                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1547.001

                                                                                                                                                                                                                                                                          Create or Modify System Process

                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                          T1543

                                                                                                                                                                                                                                                                          Windows Service

                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                          T1543.003

                                                                                                                                                                                                                                                                          Event Triggered Execution

                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                          T1546

                                                                                                                                                                                                                                                                          Image File Execution Options Injection

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1546.012

                                                                                                                                                                                                                                                                          Netsh Helper DLL

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1546.007

                                                                                                                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053

                                                                                                                                                                                                                                                                          Scheduled Task

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1053.005

                                                                                                                                                                                                                                                                          Defense Evasion

                                                                                                                                                                                                                                                                          Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1548

                                                                                                                                                                                                                                                                          Bypass User Account Control

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1548.002

                                                                                                                                                                                                                                                                          Direct Volume Access

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1006

                                                                                                                                                                                                                                                                          File and Directory Permissions Modification

                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                          T1222

                                                                                                                                                                                                                                                                          Windows File and Directory Permissions Modification

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1222.001

                                                                                                                                                                                                                                                                          Hide Artifacts

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1564

                                                                                                                                                                                                                                                                          Hidden Files and Directories

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1564.001

                                                                                                                                                                                                                                                                          Impair Defenses

                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                          T1562

                                                                                                                                                                                                                                                                          Disable or Modify System Firewall

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1562.004

                                                                                                                                                                                                                                                                          Disable or Modify Tools

                                                                                                                                                                                                                                                                          3
                                                                                                                                                                                                                                                                          T1562.001

                                                                                                                                                                                                                                                                          Indicator Removal

                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                          T1070

                                                                                                                                                                                                                                                                          File Deletion

                                                                                                                                                                                                                                                                          2
                                                                                                                                                                                                                                                                          T1070.004

                                                                                                                                                                                                                                                                          Modify Registry

                                                                                                                                                                                                                                                                          8
                                                                                                                                                                                                                                                                          T1112

                                                                                                                                                                                                                                                                          Pre-OS Boot

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1542

                                                                                                                                                                                                                                                                          Bootkit

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1542.003

                                                                                                                                                                                                                                                                          Credential Access

                                                                                                                                                                                                                                                                          Credentials from Password Stores

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1555

                                                                                                                                                                                                                                                                          Credentials from Web Browsers

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1555.003

                                                                                                                                                                                                                                                                          Unsecured Credentials

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1552

                                                                                                                                                                                                                                                                          Credentials In Files

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1552.001

                                                                                                                                                                                                                                                                          Discovery

                                                                                                                                                                                                                                                                          Browser Information Discovery

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1217

                                                                                                                                                                                                                                                                          Process Discovery

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1057

                                                                                                                                                                                                                                                                          Query Registry

                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                          T1012

                                                                                                                                                                                                                                                                          System Information Discovery

                                                                                                                                                                                                                                                                          5
                                                                                                                                                                                                                                                                          T1082

                                                                                                                                                                                                                                                                          System Location Discovery

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1614

                                                                                                                                                                                                                                                                          System Language Discovery

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1614.001

                                                                                                                                                                                                                                                                          Lateral Movement

                                                                                                                                                                                                                                                                          Replication Through Removable Media

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1091

                                                                                                                                                                                                                                                                          Collection

                                                                                                                                                                                                                                                                          Data from Local System

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1005

                                                                                                                                                                                                                                                                          Command and Control

                                                                                                                                                                                                                                                                          Web Service

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1102

                                                                                                                                                                                                                                                                          Exfiltration

                                                                                                                                                                                                                                                                          Impact

                                                                                                                                                                                                                                                                          Defacement

                                                                                                                                                                                                                                                                          1
                                                                                                                                                                                                                                                                          T1491

                                                                                                                                                                                                                                                                          Inhibit System Recovery

                                                                                                                                                                                                                                                                          4
                                                                                                                                                                                                                                                                          T1490

                                                                                                                                                                                                                                                                          Replay Monitor

                                                                                                                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                                                                                          • C:\$Recycle.Bin\S-1-5-21-849517464-2021344836-54366720-1000\$ICMTC51.LST
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            90B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            4125e7840a291ad67c99c16a77737eaa

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            45dccef089a830a37f4b349e416bccfa2d2feaa8

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7258b71a5ec41a8037a905c36884b8b2efda9b467b95ae87fc5ca6bae4101eba

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            c689633f7bfe8764aa27886692e7e8ed06ce5168d0504aa6d23fc1b59a7ac40fcdb3d6f68c5cca75f99560dffb7ef8d5bcddca60f0e4de47238e3c0681410e8c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            102B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            7d1d7e1db5d8d862de24415d9ec9aca4

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f4cdc5511c299005e775dc602e611b9c67a97c78

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            0df2bc60cac06926ad819cf31f8993c6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            0598984aa668240bb9874fdd336d30b2b3f29c26

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            4371b98cdcd04852be04cce9d51e5ee9fdd82452282998371b01e7bc9933ea31

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            a3b6db5273c3579ab5df80cc3eedd8f14bc5e35155579e0e5207d8b21c582ca8f6265581065b69e3a9bf43df6c0dca4e7deacffb50d589dddd90823bbdb83ceb

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            40B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            22f5e144709fa0ae00fcfdbf6f02532b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            292d70c93c0f59de870ba91d140c4d5e150fe396

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            f6c845dd9d79dc2599e2ba30b48e9791b5c5627473b9cff543e89247c2a75e94

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            f3bde8d314f97ef0996ccd98adab75b9bd1222d160b5726795df602747e7aed594980c0713d7aad1e43bcdb0e34a76aebe20d20aaca63738987bd8999d8c55c0

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            214KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            ba958dfa97ba4abe328dce19c50cd19c

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            122405a9536dd824adcc446c3f0f3a971c94f1b1

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            168B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            e4cc3ee91298c19e4ff3315555c41f53

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            0ecb852ed4171cdb4c986c0cfc7aaf290a54cd82

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            2d628c9c4e2589cfd25c903e400c3894d0bdf46bcec82ddf2977c23b6f9df029

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            4e52c4dc7273303b9f98e3718cb845a23f3d0b939fba6f8161d6c0a8e33f7e3f9d412ca35e9d392b466ae5653842a16167b5241f51fff082dd0e9224aeff006d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe65756a.TMP
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            96B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            54a262d07a25281dbe98255574b8034e

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            23764f1e7d96d0096074000b03f38d7c5f2eaa3b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            56aee833f720af873cfde1455ae75fe03c617be257ce8a177f565d3aa88f5767

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            9970085c59ccb653f63d9018577032fa438899ed6ff2fd394879a88373dc7c6393e7d87809f76c62a7f85bdbc69bdd55fc1ba1ab2174d637412f1028d0ffd9b9

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            264KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            fc58783d1e40866b35dbd888ae7009ee

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            031925ff95dd3793027f704f659f2dd3b60872de

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a3ff97a14efd0e7b4b56470e90017abe31ba54c64cac2c545d421a5507ff59ad

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b074bbdcc4b4d8f7e392677b5c51958f799f8c459711cfb69ce21a7045c6235e192c43f71d00cabf945c7f164200c686eb5ae9979b54bd6b01f495e83e32d6de

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            2B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d751713988987e9331980363e24189ce

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            354B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            0d474350dad04250eaf095debd18749e

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            255296184b831e1b5b1769c6020a225416f86678

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9dd7da7c0b122ab9a2932f704af088e80754e1d74193e59d05abbafb18cff164

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            52b5f0fb48e4e52443ccd6285fdd171bfff82fc7bceecfc87f404a31c687da60e94781cda0febfe31d3c70a988d73a98a0a6384aee303ecf86eae82b285ac302

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            1903fa3ffeeb60f3afdfee91f9507bb2

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            376a2391a65094b9e9389bb47f6c955dced1b620

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            68c8345e001499696f1a334cae258c202d348fa22fec051308c80b5e00cd6377

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            f30d9d0fe0bb67610a0aad7a88887192fddbe40fd81dda9fe0cc231df847818c3b9e74d2d3a0a7fc1771c103356a91c53fa8002fbb19b4f8645178e5153e591d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            1a138c5da98ef378ec5fbb06216ff1a0

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            e0b8dd29f2d0cfe35e17ede8589daf80731f458c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a466e1f5131bd03c0cdd97b0e14ee397aacab7a714a260c6af05f3035bd85fe1

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            fd7ad16d04425c16cfd326bc40888eddbe615fd56296c5bc373b6c0ab075ec0874fbf6b22b8296c891ca2f5534baee0d6e47ca9ef340df9a10397bfd15f972e5

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            15KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            f562a179829ccf8c4c15c482a4f4e443

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            9f23be16e5c69c507408503ce8449d1503ea128b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ab6b914a8d68e47cbe4c961d12e92a366f866bf7ab635ce09d2afc36a21746b8

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            721fec71c95af4a21fb7a76b7bc235fb7cd48beb4b3b42e267dc352d88292af58d03d224d5dac79988055dbedf7ccffcbf79cde21cbf1c67fb2cd1b3448129a3

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            241KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            72a7cfbe3135e47553381a0c606c66f6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            be64238adf20d22bc4eceb90f7da87e2030ef77c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a6c1d847af671cad7fcf32c99aaf4d567b0d62e09b33d97cb039e60f582e7eb1

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            858af43d3868afd3aedc350a5706d6fa85cb3ccfae5befd05023f984b802fc2f53d26977a79550ef5f3809a500291d291b96a6f0bb4ef981b19fe928cc787344

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            241KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            f6216958db43f7cecc54c5495a0e54b2

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            5e9e727712d7e8a68963c991d5040bb01e55a1ef

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d0da15158c7733b9faf03ce2db86f4219b9693f9e2001277a40382b0bfc0d622

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            823717a102360c94d0bc9282364abf3de745f80a4f05e9b3563a6b22bd5c5b99911a3de009ccb4ffd63476c00b82313001296083e061a809da2e56b234fd5a4a

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            152B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            a758a537bad007051bea01bf628d714b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            4aa4445a75fa9e00f80337ab836f7bc2ec2eb213

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7c93d93645f324ae3dd5289303fc30c1a3ba3de916d0fce81c1db61370c47382

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            f4564c41b157069982b4a2c5ec1d9b2d0f6db2960682f24987a78ea7fb4edad4aa2ba4f2c16cb35aeb4846c30ab2ec06eb0b53c7b0a94af1a6f00488af428f0e

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            152B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            9bd496f75fd5fa1b6326c81f3a32cd58

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            8447d467de54e076c5715565035c99b0c3dd646f

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            6fe85cdb0accc711f40b5e6276f767111c4681c79e22016315d99d4e1e1fa311

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            15fa9784f04c9fa46fbd22b7c3960814c6c52d9ddf85c780195ba016e440f52db2f06c9368fd365534b504688cd64e76104ede2254a72d53b24f84e5303ef054

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            152B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            cbc1e718c546d417730568d48ebe699d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            eaeddd028121ca603bc558471291c51cf6c374ba

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7ddcaa9364dea891bf3d443bdaec5e3a6e007b535336ced81af9a645dbee5c7a

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            096342fe5457bb099bf5bc9304bcb1e34b93edea049e5cefdae2cc01d4ee2a1f046cf963714918ac24565bdf6eaf049df52bfc17da16dbf40c5d79157a42253b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9eaecc4b-bfc6-496f-b48b-3f9971dada4a.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            64KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            67KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            69df804d05f8b29a88278b7d582dd279

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            d9560905612cf656d5dd0e741172fb4cd9c60688

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            63KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            226541550a51911c375216f718493f65

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            19KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            6dd8803e59949c985d6a9df2f26c833041a5178c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            115f1a40e8e96e8db2760c005fe9fdb7

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            3e2309cc68a7010ba201ec4b390b87ab13811df3

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            522d58190f05d0b734801d861cc02983ff137e6a005b76a101fc7b0b8753ffe4

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3503b7a846e1159f0e48c6e59646e268e0c6a0fa9cc90c829d375c130de4961d0f90a8d2dd7b6a318662ba7904839ef784bafb4c72a74fb90607a3537215b853

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            e9dbcfe29de16fc8978b5d8073195940

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            a128b7acdd35a7373400c56452e1d86ca245dd01

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            bfc5ec5ed3ac328156af7c286ecebe05241bdb38acfce29438a5512bf0304467

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            01ed34d97c31d46e1d9e6f2a2f67b62f73abb1495fb857a11ed902bb0401f627fa4334dcbf256a81c12a7c7f13f75ef6966ccb04f28a4103eea3c4e1ac1cad5c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            71955044c5915a0d46b762f5a427118c

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            41b894e5e85d89b97565e47d5304de2eae5d05b0

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e388d9597dc2d2e8249bfa5c9bbffe244b1d9fd816e5adcb1edfbfe8ea629388

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ae400a60cfad7acaac2b2e13f370ae5e64047d7ece83167f9529e9599e97dab1cc700f7ed9caaceda2d573dfa67b64cd2756668f35bb546b685b1aba9b519f0f

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            a30d9455fae8a9fb20ed7fca0095f486

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            513a898255edeeb3d850a8847897efa8f4754efc

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7f395dee9706c91f4fd4b3e04ff1375513e894a2fd6207c208aac3d558dcf5c9

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            aa26f2b28504e4637ccdbff178b871ede84c45bd64bdebaf8871a0721cbb5ebf5c632b5db2919b62ae0934be5251bf06b2da4148a8e4002962be64453c2c2790

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe65fd48.TMP
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            ef43fb13022427d556aef0daa5d8e609

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            516bace7dd07f434e543bffbc71783768f37bce9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            87b2e43aab1b617d7aeadd06e20a8bcd74d8b15449552ef66ff34fbb1ce21773

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            72d3454f50e4e50b1c61cd844a2898db2428202b78f5b93a2b3dd02394add1119b40cbb9155c124c4a5636143f10116a5e60c133e83940180dfcd67e7da18264

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            111B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            285252a2f6327d41eab203dc2f402c67

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            2dc7b2180bc9980c506f0b0f372185d0

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            4adf1b37e0cc03de7f9040650b5cb3550c9f7d5b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            f71fb394faea4ae54722595b2d62cb2745a118eca7bcdf8c51c4369c66c24161

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            551dc268eea893ad621aa1579bdcdf8860ce287ea209a595beb1bbe5cdcf734bbfee08639be810a0d4d0b504f0f159e253ce34bfb3b2bcd792365696c6ce0cd5

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            022ec1f49823c60e417f1c45a752397e

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            ac4d473d1d0347bbe8a1174e97582aa585ebcada

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            f406f776be6253635b3d9e9b2c7294d4f951e99c47e0f44ff3315807acfeb1d3

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            be7cb73ee679429b3bbb24100df31ac9e60985b247b41d0d69264b0d3604889790a76429cd877ecce89aabc3dbda998b1e8d74e9e374a2914522867b1deecdf5

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            ace5e6527d37db2cbfe1f4942e6227d0

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            e5b880f3fdfc532a6252e3b5720aa2bf9d3e72de

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            bf7e1ba244001126ad1df646a35ea9d66e24791c34fbf413afc23c7f27d0487f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            a482b3ea88989e294b707461a49534d26b19ffbce9f6151d25ed4336cd3421a07596554324808ac51c15b989cda7a31ead8a0138c8baad146f05475704eb0dca

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            34bc2a3c56ad7ebf25b3886ddfafb263

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f58dca4cfc565989e1eff55ccc475d22e4e4d9cc

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            368380310fddec363e3eb50894b22aba86036ccefda53e8a218da74d074dc7be

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            55c1040a8f2f00eb88548cd2da4e6ab350cd15a249216777664d44a19669b1dc716460b0431ac5365e56899f42d28ce537558f89625e16f481d83749e40846a8

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            871B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            4a5b308be80604ad45c5a6922dc06be4

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            10f17cc5bedea07bd6753202efcdad4790e5d134

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9e13190ba325febc663e3afd5dcc17226571753fdff8cfcc28170c76e60949cb

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            04dc70e7bbebf067fcfdd87c95b63f56560669918066aa3ab71eefcf857683a8cb4dfd5e5f10e77a4eaf0d614b9d5f850009fea118d55edd7b0a80292f050f11

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            bd50f69255026ea080d86f3ad940dd19

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            69654743bed383569ac66dcac9d2f1a73857337e

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            34e27d5b0bc2563c192998659ac9e1d7cdc001763556127a002346a065fe9802

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            e0b237df8f2639f3f2f7352d8248fea96dda02ff9c12a327cb4f46f77ed3729de9ce5f44ba366c97368d977317313367b29754dcc7174cae83158500b13c32b2

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d9593e856f7877cb337c5fb88f0819b0

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            14ac695c88e039dca3bef3cb60552cd86469b4a6

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            94134e8181298eaf5e8a8a82b6ba9781e9a7156fc041fa045e55e9bf2fa0c08c

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            c0d9876a538746bbf1b9ea9f4e84deeec759206cfe99409fedbc3836c61c08c7370b28b2ec8452f834b70e478555d167e33bfad8401b2630b1f2c82d842fbb04

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            b5fe74b59d39b06c0116b1fdbb4afd84

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            30fe3df065e9eaaa13a77dc44ed51fbb7643388c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a24b46801905d7bb2e7ce62b53578244574c0657d85040886e1b1ed441723a3b

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            c75391d8b7bee3fcb938c6b7d7c190dfef7721e6dd70d67597f05facaf35e3290ac48c5b37638a37034da8d24ddaf427076102e3b3f2a44060a0261a212a061b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            11555d56c26e22178383883526c88e0b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f5f267069c714f4a0e093772aa3da729ff9e7f5c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            cd7fa0cb0b13d9fc28398611f5c347aeb31c01605be36b100d9aedd074ed0988

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            a2e3a7b9a1c9053976085e745b8715c8fd513ed3178d808c08a98af63843958dacbd58b698f52acde2cd9415dcf3040913f535f08014d0f6089db43bd4464645

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            227dffb1a28a53e4ae5efc889246f8a6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            fe06e3a6477fddbe193bcaf22c995894429e8331

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d5972d6659103e87e4ce96fbb9930d2d372d5500b126490eb080841d63c5fd9f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2b5db8726d2d79681828085dcd361a14fa39191edc764bc7cbfedf2ca36ed21d12751bf4ff9c1d0eb7fde617b23f9fea1b753e07e6c230d6843f5f734da2073c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            30f997d24b71d7a29e5dd563ff351429

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            dccf7c1dbba556f04b68c3c2b4c8606fda514e6d

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9c3abae38a9b47e6afea62b9bf4daf7b15493f16b2f7f4a573b2a5959efa2474

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            f7cd923a3b33bc97919b011b11baab3617e8716ab646c34afd44ccf2f3e344dfa4f3c125a1aa6802592d87e8c558aad2db50d4c65f1ca7a6ad3908fa13d47d5d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            419a2892b50214c64393a6956ffaf30c

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            b4b4ae5c0892236ad66c43972d8a46a178537010

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            85a10758643926697fbc71935b6166e7227e2505f888d8c19b0565a14f774793

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            92da4b215f3084960f07eabcabb8db4466376ff6959611265a9d9e3a0b6ae71613f040e8d6b7dce034d340938f502bb2c8ee00bad5e38692d6db29a8478bb46a

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            252d0f90f33ba5bd68e40ccb44fd6032

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            ef8f60458bcf5dfa9fd60a11439b92f38a8fd2a5

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0b7747afbb9b4df3cfaa18e9375532aaa7aa197d73b93a89edbeb17aa3214352

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3bb8acbabc36945f2317588da4239e1db2fc34877c6e0eb78a7ff37e88c6fd2bb206a7edf35f1da800a1625371da08341785be440b1be71331e97ba5aee66c5b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            5KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            b6483cb5c7400faa6f8de5898f432183

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            11d4ebf5c4b23b1eba2c72d7c350924be7d0ecf1

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            97d3fc27d0b8652169eff7c4325e4283dc423d491e19f5fe1a7acd7013f77c46

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            4e3a1f8a793bb9dd8426d4c4cfde72df342126b5b4c6ae1790e3ca43ac25f93150ba313aaf0d067c8603263721ed6e6806fc86ccc9e8c45ff1e22fee95a5f2f3

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            7ade3fb7312f64e327c5005dad5494cc

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            fe160da7ab8661e080433b5e43bda077553de19d

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            b9576005452e9478f9e132db3ea14cd1a3d1eb168e202850852fb06468e1dc45

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            167d921c225c5932de86574bb8114af6e0957a25b9952d2e99dfb38aa807e27fa6a13d526e755e86b3888bfaaf3149291eb65ec316332b41cc1b5542afb93929

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            85d5fd55972d3fdb69ba4010383b7093

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            789c3e10b8a314079936f796680fdd24d5478b0e

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e008722b8c320c1700ee1ca92258706fd04d723e0be3521c564701f75d3f0fc3

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            491e492876e5324c628b4d5f2b918052eb8b6a3ed3bffbcf69ed1ec88b462603877960e326f532c7fd4ceb747ee93282682ae84b3365c1a5487573830ec1f3f5

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            6KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            f8a347dd0b9efb0266e6f73e0612baa3

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            5256186c543a88925b219c7ad9784b50c481b37d

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0b0181b88340077f05cf6c16d4a2b55e0f8d37998b4fef95ec1e09151358f3cd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ec275ea0559bef35786282b5f9c2c8f2ddfc32e6684a4a943c6ea3bdb0f7291d0b11e6f6246ef8ace4abd4e51b8d9df3f18e0b42a3169cd61ac361e25d8578aa

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            7KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            fcc38593ffe91fced96975456f4f6601

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            d9f6002109051931d76ce4bc3b7bfb2c069097a4

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e32a76d3c28a6262c610b01edb38596cf83fcefb4e18c8f95055406d4133d48e

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            1f0d4ac7352dd415d77e60072fbc6006850929405334f293e029cc1c07122f7827cc4559b4db8d981d08d6deffc97c1e0514431ab6435dab73ef0fa92b72649d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            1598213a6aed535111dbdc59c7aa55cf

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            25e45154dfcb8f7feb76c84900678d4564a1dbc9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            1bb5be6089a7d0bde1373878161afdbfd71d22a76899ae3587b3694e9cf8d205

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            dab7c2aad75dd44c5b53175cba87c865fe83d9aab5a2ad28615e4b56c6d313c5b09fc5f0dea4418d49ac40ddd72aa803022e6ad270cb50275b5d6a842743cf30

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            24KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            5b6e0f8d24a51852d79147c7683a4583

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f3498eeec718025293fe101c1f30bbb1d155ad37

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            8fc603c3a1de2750bd552bfd5d8d41a9cef73403910273681ac7d9ddc68c0d38

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            d800532e39c32228ac69c570092838a8a9553aeb0c3906710af883bc6c91d0b090139189f492c3a9bb6ce9e361c98fb9446d56ad88fb7e41234795fdc1dd7962

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            3f1cebe1b1b434e46ea0b42f11539ae5

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            444907855789fd23a0e34faf3ff5247859ddc29f

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            24f81456e20f2f69314cdc5d27379ded7925d602e6ee473fbd879f806ec288f3

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ae7093349fe31d80f9d481f7e43e0e0eb2f5cef5b86b04627c992ba2183182fd25d368f99a75e30abd892d65e02cea46c874633b294ed6f782f281b01fece059

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            60c3084ef3895fcc3eab78b3215befad

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            b756aca767234d6cd3e78ce4df9b6e1857da6549

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            612a0e471279f5ca2d9e4c6ca386f01e21670835103cb714349c480c665204da

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            441504cb612c0c4f106c546f69e91c4ed212e8c5733e8b4c776bf71368159e3e27d6c85253c16466e723cb0007f6d2f21c19300b394dbd417ac9586587c8b23a

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d461c3d4eeed246260e036d15ef1dc89

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            4db09631c3466061b111ed0d7aaf37f4b694ff43

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a0d29ae7e494971f08642670f889e88d99e185793fd7fb0d8307167189d96767

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b9b783858179534d4aaaeeb6a9f57cf3649f0093b7109bb2f6e559950abfa3620b1789727988d4aa1cdf936d081de8e7c0c11380fe5c697486c3ac42627c2c57

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            eef5665a5e327aeb919e001d45c0e4d7

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            131e8813958be4e2e37e1387a2faf15535881597

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d8829f62cb5c26588dae23310c12c79c1f764e3f0d5ce1399ea9f8dfab922e8a

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            049bf86e9b259f7343bbb3989bb34622572a438c0c19f889cb07d64e33344f4f5c8107ab5a9ac69553bba0d87ebde48d0f39795544ba8bf7f377570264040f17

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            b847560811421c4b0e50b39892e54f78

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            9f488c203beaf9ef3a3c3d4551d7a69160bd7974

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0bbc96d67a293e4715fbd349d89bd97317f4c9173860a9ae6e3097a08ddfc40f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            23a30609a0c26afbba1cb17f02b2ebf26496f5c8025760925899c22f510b7d3ab45ec2e5351442d33242ce9f823437f8a489b524a79b524f9ba45bd5125d6310

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            db0d2dd5aaf8cfe15eec599248be8c0b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            d5cea3cbf0512fd5fa960d22e7c5530f29d91a66

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            c3f2f034a2292d74fc331535b7adf32d1bbf3ac9eb327637e0bdf091645ae02c

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            d724d55331f5a492bae0f5acdfb8257eef7fe1b5e688b232467642d8352ac7222d9212b21d378d1e1fa091547526cc94dd9c7de1b35b9391d87d1d570f8b4069

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            c06bd27e4f26d75449577e1369a2680e

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            c19ca600aa7e59c334e485810ed18c0460c470e1

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a6451e2ae83506d88a98b7a5840613cf773a0e9f3bd2e3186aedc41b45e4481a

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b335accbf1ecd1ade8397976d5a7a7ef770a21fb1270cc91145248feb67f1bbfdae1e3f814c09eddebc77c6398ccc5977170bfadbda2193ec9bdb7f038518d60

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            53a63b4aaef1414f5f8c183b6722ef4a

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            cd9a7990a20a2589d5297d51da6533d93a54c8ab

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            23c1abbd23b5dd39933f92511041f4e51b0b1ac7650730193ac5c6e6152cdd1c

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            7c30d846979514520555ab73ba70d4dc4a2c344628a8c8fb69c8f5b1b6946e435740052295b48895bbc48290691cec21f56e6aa190749af6fcb680b54c7e9476

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            5b707af22856c59ae81c0bcc956408a8

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            9efcffbaa1c5937e1683f51fe23a8a750eadf958

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ea8da89d06310ca50a9852115399e32adb5debf8d3b289b5112ddb8eb4c46d68

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            783baa0f4150b2fdb46a1919b968685864dd3da7a5d63b2cf5b51b5f96274e58827dd8c4a83820f286d2bbecb2536d93ab2e1704f17e75aa0ca2da4a6cc61ded

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            1222c6de6be3a8aeb98a367b7e960a66

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            232df3a399cb5c5b645802c8c7934acb368e19fb

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            373383daa1156ccbc0c294d550fa3ca271e557c2a8aaca4d5e7e03621595f470

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ba8f9e84350116f3949e43814a7af12c1e3c9de26ca1702b8dfdd0851756b4aab01f72c614262d78ef2144bf82eb1dddbab3b48b3efafdc509d30b7a5e60c88c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            559f3e8c163b9cf517e34bd9e95c6a80

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f36fce8c00e5a33c55cd663e05938571509d6b9b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9f320863ebccc96b9153b2d429f88dd6cf6b0a847548164f964af2f533536c97

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ae09b640e97f9cbe0d7cba419332ecc0b761e156dde1d313dd69a0a2641ba9f1486a1b755e7e85181616984d828d1905e63576fc7d0880806edbd7a241ab5353

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            db64ced1bc0ab228279ebced2933dbc6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            70162cea7e4f8511fc872bb64464d9759d9b832c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e447f2f219705fc317f2a86b48b034540134699c92d2724b83a0765c4ab84892

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            a280f0bfeb3f2dd0d144a8b704743994b083a8e26a05e17a7ed838899306c4127045df6d4fb31d2eaccb824c5640a9d779ee296abefc061afe972e9c1b2c1080

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            8db2a8a6bbfa026aea564bff9aaf7785

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            a707b52681f7572a6f22d47c3afe0458018f67b8

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d55172fd7dbd14e785e0bacdb7c4c5aefd19b42e28fea4bd49cc9e255c7fab79

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3ea7220b74dc0fd10655087e104836ed372b67ed7dd0c255d7c21e1f884e20687443a9d44b2fb0e857047f9db4be34e32e712b625fff47ef03637b8f6c63abd3

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            516a346f3dc9c0b85ac04ea589bfbbc6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            3287e3d3516a43d37c4e599f68eddbd87e804fff

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            6de22bbc6bc4be67a347857c25b17e32a5ba1c5df5d20865898fa44d87ed2f66

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b46fc6ebcc9804bc363deb4985cc1e13becbe21ec3cfabf3ef6c4fd23c4e7d548e6113a218253c20f163746077644ee70f58f86c9e74794d54297d88a5d893bd

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580402.TMP
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            093c44f4218cb3e41f8758535edd7acf

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            a9fed4c019db4626199bd391efb989147b98a775

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            1c67655374503a7a29fc60e7c0bb8bdb0b1a4ddff982921c195cd020b1f60ae1

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            0bb620261c1d240f46cc0035fc462371831dcfaae9460270eff5369cb243b677123108d33c45d7745a443e2cbf07b8b1a6d000df9ec32904db8e74d5e1dbbafa

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb0ff70e-a863-4c40-83de-8e0c0e096bc8.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            592a49e9a754ad41e90c0c6ca0628117

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            b7c0e192065fe0d920a1f636bf8f6444da20d786

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            cd5e87b53fd64234344ab0d61f9f6442592919ae60ffe35ec3bb54acaaaefa7f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ed8e8442d2bc08f4b2338339d6126bcb07e1c239d09992854998a591a487a77c6842ad228a1f953b62cbb3d72403c1e427325d048c24548bf3ce30d37f0923c1

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\9d07a29d-2114-4575-bfca-e20129ec5bf4\0
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            c8a6b397e68f56121ab7a7283cff32a5

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            1054cdfa756d71fa0cbda9ce2f33b57f95784411

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            842dfc539f820bb03420efd4edb9e845676bc7edf55945bcf4dc0cb6e8e5af5b

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            0ca98bbdef05f97b47c4b03cb8dc8954fa27c4407dbd6a81cf9b618ac19dcd05abc8098be3d6e582046298ec0f04da79eb0dbac67bbc7cf3cbc94244674f7a8b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            16B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            16B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            4404a140ce3819fb7354691a2d046dbb

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            94352f46461f0aceacce052669c70f1c637881fc

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            8789239a7a9c5f77dd519a74526bfa5a55d46918876d15a0007fd91ed948afff

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ed78858b51dda3ba54d5633db0ce4e172b85c5c56f8d81b232fa67200294404d0530326f25014fb70470486d3a40dc7b9b35053ed92399580856bac7e851057a

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            46cad908b6a30b50a3fea40a7e0b881c

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            fd3431bd3890da8c99d1fdbd37c3d41684a9292c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e4bae0c23f0225cbce9fa690dce2217b461339b87ea8d059541cea3de528420d

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            02ed80f238ed946a7e880b4ff1eb77af41b1c7634f0dcba605ffa2b729613205a0115d80aff69a06706843245f899da8cce037c06d3caf85a7431484fd3a3c66

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            a7075049178bd51519057e613ea2c8c4

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            dd98c2dc4fde86de84edc1995effd4da70216a95

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            1d3d8851de13cf999cf053fab9a38e3fe6d6f49946ae0b8d2c236d61620574ca

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            6d324bac307f3d46662bfc3daa787220f7be45631b12e4e57a9e3cdce30319b90105ad1b312221e36871b46fb5b37e4c29ff376642fc9dd2ce8eb2a4f9e5e097

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            64a56ed4e9bc4f2d397fa941aff362bc

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            61d0f81caccb4e453c506245d49083773a6c5503

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9455b8bd50b9c3d66e9832e38f4b05500a49396911ed965da53dbe98f3415bff

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2f81f88b21c886ed7b7ed7bda9ced45a97c1b62f41cb2f6264bb469e6de087144db87b0987b88c0028196c1eb0282470b968da1a90b62309304f3000c94b2bae

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            43e70cdd14be6baf60d92bcc62d02318

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            eb5259951c98bc4b741248b23f563318a07d8d1a

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            de07e789beee139e365e26db22f198a14b6be4137d31969eaad177e171cf75bd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            89a1ba115c8fa80df4091f66c5c6f24768d407ff5900b1e24a2afe4069bfd898ad54e2fc252dbd0fea60e34643127f369fc7b7d5642706b11ce5123cf570544b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            a850e2d18249b3c1a4930528a95f6b5d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            669f599eebc9f9a7ed301fdc4fc0286f546d4a06

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ff18c605ca28b0f1ab8a8c8e45f36c087b0180d58312858d722ba8091e0558dc

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            210428c8f81395a770ab652290c424bdc9b5ea52127dbc068c04dbfac76b10e3ea5d3b2354638ca575d3fa4ca84870ad4b86977a8a631f074b21e2c7128d2523

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            e30540c16fc1f3b736ed537dedef13b6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            553470abc484dfa6117c61a59957c83cf944d0f4

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0655c26e76c220ac96775cb0c3e662afcf61123225db81a26613b03c53edde6f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            5d2881c77f51471cbd81ea9f41d1c3102ef9c3b5b36a69f17d4094dacc523c244bdf9815f3d75206c34f402cac4693f8af337390684a0c3e97695485046ae1fe

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            26a8fc85914367263ea627675a527f21

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            ea1362ef471380d2897b9b668c1dcd1304fca60f

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7516ac51b0adff2404ebfd23320ad52757a47e1e3f3c4da6d06348182955d228

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            49155c0f32646c7240c166039add3f2fcaefc2dd48bc6da35c4e7a310a3a15ef1803e46a15b13176f46848ae480c3a17af21ff8093bc32705ddf16a38446fb3d

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            11KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            9c4cef5acf92dda8fe6419c73b12aad3

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            af2eb60668eb2d1ab989382dd00886d69cabec02

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            c3f932d7ef86986cf6350914c9f4d2464ce04b70b0319a07c04001053dd41f5b

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3b87d8d392069b2848824741bdc02e4407243309c7adb7a7e6bda22d6e5485c02c162bacf44d622a9fdc239dd89df073c181c06831333c94918c16f1af84981f

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            fb1dea2bded15fa446aa0452d7e6312b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            233e422dbb6a2c7c372d86cc2dbbebedd5741db2

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0dde2a538fae15a1c9258931172a931f0d03c6f5e0b5d9f61865f5ce0dc82182

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            855226f776ff98380d16388f5aa0256afa041161a0f4d5d1c8f395f514c9d36fa22514e1f90ae5a4ac6212b1c066a3248746006cacac9118036af0bce812bf3e

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fda48195-74fd-4978-8bdf-2e4a7b3a86e8.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            483f6d5ed6ac94ba9df0a8f019219550

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            61d94f90b9465cc404f29536c27c0d37a1e956e9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e4d69cf7916d6a8393c3fbfadbefb083a002d977e74fc2b62d12e9148d5f7980

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            11eb1e3345d64a798879e87bd8915d6ab689958a3670678787028934a9c69c5d92d16b36d3bd685963b7a461039ccc300dcc6cab12dbb6233bc30921ff80e967

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1AOAWEA7\views[1]
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            bee1758a485085bb8a121eb74ba7e96f

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            8024492e1126b17f832e36c932d433200180b693

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            edcad5b1ce8a304b70b8c9ea57d4aeab740d979ffa59243b943011cb1ba4d57e

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            bb1fe94a523ef108c49f75da187fcc28bbf80d72233454c329134bee2e12268d3da344a622987b081612aa2a1edac8b91eef27619c7309517ac52e7aebf32f1a

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S3FJZXBR\views[1]
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            a726593a8261930e4786375106fc6bfe

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            13916b1e1825549e9c36c64e35baca204a83ef95

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e6bfdfbb9a0649ea9d38de4255c355c581097e6a1035a54943260b22ad45f172

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b093a2513b2c4f8544093d6e983ec580e14625e1529bc3db22c4011980cdf44a78443c22289b11a6ed0afae2786d480f94b354b71496ee022e439d2bdefbedd2

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\activity-stream.discovery_stream.json
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            22KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            dfb73b320498b893d9d26f1d9ab0947f

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            80fc0bc3b451c515307e90628ddd4fd74b04e14b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d79b782c85145b99493820e5e26734046e67e7927f5e0dcc78f2ebb1e1ea80e5

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            e2c5e4135f228e3234bdda4f5320691691bc029a972ebe3e1d59b4977eb63c1d343463f453214454566e6983873ab2500bc02940acade90a902eb2ad9b43beb6

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\C904.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            55KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            7e37ab34ecdcc3e77e24522ddfd4852d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            13KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            b2302d8cf0e68a87eb9fb3c8c6512d71

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            0a07cab47326aae4300a0cdc084be5ca2cf2196b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0c4bcb2dc5bc7c2ca5471600126c989520409e8037eee5d2c55918b71cf5a530

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            5f4aba7a75a1bd928c2f681bb74cc73da038b656f00760d8df8a8d3de67fc4e5a7ee813570ae2cda92feb6793f58aca7e76953f223a1c9af84aa9e297781f45f

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            2e3f44321cd62a1a5f3f56e89159d58b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            d9769a613e2b6a3b81d5d3904fadaac7a852cfd3

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9014e5d7d668555f99468d22edeec36df264121f4999b122328c87916f59645e

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            d4da1e6758efdd38937abddf276b51d72d90430a93dda6eeedded6ea4549a02ec4b074eff7b822b8ec673cb06366e40e29563f490ff70bcf0c1d4dceeaf00cbf

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\AlternateServices.bin
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d1b9ddb9e0cb1487ddc23c8357bae15d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            e5b8972c402408172ea2b27208403cf9150cbc7e

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            fa43527cf3ce3b0bb4055d0d2c9ece36722272d4e458d359f6b23c68addce304

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            4940f6e931879111d15b6b3f100a649e4aac120b36077ec0e8aba7b8b3f5ed95a0474aab44848ae61af28781508d753b0afa5be713edce3146cf24d50885a3fc

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            182B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            b1c8aa9861b461806c9e738511edd6ae

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\datareporting\glean\deletion_request\5e09c6f8-44c1-4e7b-9cd6-905708c7901a
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            575B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            14785764a18befe6a790fceb9af71bed

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            26f8c6fd22daa12916dac2e7abc8813307ddffb9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            15daf55f3e351049a3e527ace495b71bfcc5a4b10cbb15be43e9ebad0e050aeb

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            c4634c0758c2b03a8553d2c0c1bb8709f51481493ea0dcb3da6b64aff40f86aa4b6a32513cc1bfcc78af303d663df17b0d43459e00f25d7eba058863330adc43

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\key4.db
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            288KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            9ca64a603f1594393abd641d97875131

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            c617d105124876e5fb03b39c54241537a9b1969a

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d3ee99be2ad38d6e32757f0e7eca4e855029d552fdfcdef633e7d3b392ba100b

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b056cff10a16ec1a6309dce0079753fe0b86f2c374355a83ba3438ef2bc04bfe45e78252c30c6c54d2521dc87181d6c4a46f2ec936aa31fbd3f212d85fec5b13

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\prefs-1.js
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            89f58c72d856f34c77f65bcf35b247ad

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            3932fa15646d47a3fed44aca9490565d2901e682

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            de5a3f58c4f218d7ec8b57f9dec8a51b2e78a736f428ee2d6c9a5ced2f054ec1

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2951105793634201e41976428fb542731f2668f91677042822c7183d98c93135c2e47ad2bbe9df4d8c83c10750342bf1f2d5151a06d68f10e85ad9bcf776a62f

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\prefs-1.js
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            9KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            31b5e916bf79f72b265d77712d75f5d4

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            7f3032a761a1b63bd97c00b4aa7f3d044e1fa7db

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            44afdd680f75d4ebe0cf1df34a30aea7a2e5264e02d0e6c615f0d25e340b0539

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            10128f385ed646d0de2db7488b731870ea31429e608c86963ba1c11ef039f908eb004082e2288cafc7c518b47399abaf101ebeb02df5eaa7edb6688b361ea6ee

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\prefs-1.js
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            fe74214f52049607bb4fc5183ea3363f

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            ca0680abe5892e0f9355e883d4c12fc6bfd27cb5

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            81a4ac7534b27a3c29d1c6f9b97edffc281b9ba842a167acd0adbb7066970560

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            95996f4a11aa25415ddc5c68bd72ec351df9e7ca01ffa0fc360937c7c6131daf769925a2313d955992358640ff3ee57c8b15075beac804813cf08e6f91f0f7af

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\prefs.js
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            6303a40e45c48851b6441d9dd03809a6

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            dbb324269375f2a32060d8a62533efe04f6c06af

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            a67ac41e1320b3fa3d9760e3fb1e908145c95117d87223779e6759e0f7331ffd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            f4047c42a6c061bac0e49e505f96a2071763b39b576d7b2dfa7504e5a11361318bd20c53db27b9633b092781874b98c6eb7b794722f707ca22ee98144c61e798

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\sessionCheckpoints.json.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            288B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            362985746d24dbb2b166089f30cd1bb7

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            6520fc33381879a120165ede6a0f8aadf9013d3b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\storage\permanent\chrome\.metadata
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            29B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            95f940d634959cda3f4dfb0a14f87c01

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            0ceaa83048a724fb4633db081670c47882c7f388

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            867d754675ec1ab48b2bd6a3b98f8050c140a2e3511f3be3cd4b1ed40d5ee400

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3df6ef46992a2d047687acadf118e4774f33bb4ec8c68b95efcff6b0a87bc2bc57b1f95a9b0e17387bb373702c8e8c60d153009ffe20da70db7b11d1f40c172b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\storage\permanent\chrome\.metadata-v2
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            36B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            cfd2a0f435b1ff03e8ae0c1f8e387fef

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            0308f459b5a8a3de999f8344ec4d342885bffa7c

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9e64d6651308ad4096110f3ffe1d328f5b4b0c81a3af935985c2ada4740f1295

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            31c142891bb460c42310ba4849bbe1fd1b517323c7a374f822e580e276994605ae9b93dc699f4c0d6aefd6fc792976326adc4c2a7a249744f2b083db6bcfa668

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            2af954b3270dc58b08d9270401dd2b3b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            bb6bbf2cf0e6dbd477d65806ae23b4a528b9d5c2

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            b56a0c4229e472d5c190a044660b50773105ed44719121c98af2a9e3d491eaf7

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            940514ae8673baa85d54184c295d4f6ba1f28af085f808f63056da38404f1bd3b7b2c5c57c9e627a9df34707b4a3f7c21963c62e1283477aaa3ed1e061b14d4c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            80KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            ea165a08245b81bacc57bd613409a7af

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            18b981c6148f96fe6498830e7cf46bb8f9003f47

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            daab37596b006c1c3ca0ae08364a7353c90dc19192e152f2c4c727462cd30ec4

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            3ebd3b62c0debe17b704909f10fad087bf975dd8a07ade010d4628aafe444cb1dbadc50ea95931fd125fd183194f472d4ef0f61ffb74dfbb2d7d4dbebc81c7ab

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3n2hkb1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            440KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            d9758f8cd9494228afd8f25296abdb8a

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            196ef337702d039067c933a228729e3348d925bf

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ed36869898ed0e5c1ee7f091c0b329679da2aa4fb4758ab439d58fd85a9ad094

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            b85f93d8391e7b445b1f899b6a6c8824c341f44533b5c778a4a739d2815ee5f6641eae81f16bff9c4340a92c3d35317ce09d33f375e31104a55baab81390e0e4

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\USCE1-50FTX-TZTXH-THTOY.HTML
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            8KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            08690ed7c6154c2a78b9d5e837786ae7

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f14fa8ce9b9f4e47fda3dd4e277b0dedd042f190

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            3dab81d2216cecd86e60753d970ba1e98de166eaf5335522337c6961d9b393a3

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            ce48a1c5868f75fa77c86d17d35e18904832d7d9ea051981bbe4c870e60c6d7da625eeb1cc1ca725d22e4a7478e067c43d5cab45902532d7359f3be46a89098e

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\USCE1-50FTX-TZTXH-THTOY.KEY
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            0ca625021b73e196ebbd74417bb6337e

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            80078474e259d48e1a6f67adf479e5bd2c007eff

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ac3a6c184b6196dd637fd8333c6b4be103bfb349fafca9b541dcc07bc0b83ce1

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            d6d4f7cb9778c4319f35cb053c7f0f0d2a8c5add4bbacdfe2cd71c1c823cb649ede11ae9daf9c9e5622ecf67f9ff0475aee2dcc55f7d0f6252af6ee04b56d70c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\USCE1-50FTX-TZTXH-THTOY.LST
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            2KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            ed3f3362001dc072d537f0dfa14b16a3

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            4aff6d6094d3dd2eb3938de1f3104609cbef3203

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            d01b0f63359f1408078d67f2fdc4045d766e9d167896bf7d1826bdb9b8994c2f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            1432b1e79cc4801b956696dff4c7767d2075c62f453eb38c4bebb3f2d107c5e9b4540066084cb7ef989b1e8075f3d9539d7b554d6aa0d3d97d7b19b61fdac5a4

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            17.0MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            e28513ca9e2f1a6ae9fd9d091aa0ddd5

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            005f28d8c55ac85a3f3f5d409998e49b582a02fd

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            c52d41ca67c7096f5922090748798445beba051a9926011ac7785fae5c227263

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            7758387b884428bda6ccfc6db92ad0506403aff643963abf141f0b7ac045ddaff48964551d861942272cc8bc6b9152c301bba1c62b2548c164aa134f6fab0a6c

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Desktop\bat.bat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            13B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            9e97eb7b4fe7e7b2978f9ebdf6896f2d

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            cdccef4e71f279347ff25fea52f53d5b640b0aea

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9d89a31f0e7b7d9fe52bf475b00ffb9fe24ea28d0905229467ee072246bb413b

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            8a50d83ac64ed0c96a1a4db4e18a909e93d108b0d35481340e6a829d914fad604b9a0ef860d902b978a475fd15e4dca304db6952aa51fe8cf2010c2319887c91

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\1d9b1da3-a0c9-459f-8763-d5a309aef0fd.tmp
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10.6MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            e9e5596b42f209cc058b55edc2737a80

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            f30232697b3f54e58af08421da697262c99ec48b

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\@[email protected]
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            933B

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            f97d2e6f8d820dbd3b66f21137de4f09

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            596799b75b5d60aa9cd45646f68e9c0bd06df252

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 55252.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            24KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            4a4a6d26e6c8a7df0779b00a42240e7b

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            8072bada086040e07fa46ce8c12bf7c453c0e286

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            c7a7b15d8dbf8e8f8346a4dab083bb03565050281683820319906da4d23b97b39e88f841b30fc8bd690c179a8a54870238506ca60c0f533d34ac11850cdc1a95

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 676046.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.4MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            63210f8f1dde6c40a7f3643ccf0ff313

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            57edd72391d710d71bead504d44389d0462ccec9

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 697646.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            48KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            86a3a3ce16360e01933d71d0bf1f2c37

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            af54089e3601c742d523b507b3a0793c2b6e60be

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            2ebe23ba9897d9c127b9c0a737ba63af8d0bcd76ec866610cc0b5de2f62b87bd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            65a3571cf5b057d2c3ce101346947679f162018fa5eadf79c5a6af6c0a3bc9b12731ff13f27629b14983ef8bc73fa9782cc0a9e6c44b0ffc2627da754c324d6e

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 768453.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            3.4MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            84c82835a5d21bbcf75a61706d8ab549

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 859201.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            390KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            5b7e6e352bacc93f7b80bc968b6ea493

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            e686139d5ed8528117ba6ca68fe415e4fb02f2be

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            63545fa195488ff51955f09833332b9660d18f8afb16bdf579134661962e548a

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            9d24af0cb00fb8a5e61e9d19cd603b5541a22ae6229c2acf498447e0e7d4145fee25c8ab9d5d5f18f554e6cbf8ca56b7ca3144e726d7dfd64076a42a25b3dfb6

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 884093.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            414KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            c850f942ccf6e45230169cc4bd9eb5c8

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            51c647e2b150e781bd1910cac4061a2cee1daf89

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 963401.crdownload
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            132KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            919034c8efb9678f96b47a20fa6199f2

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            747070c74d0400cffeb28fbea17b64297f14cfbd

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Users\Admin\Downloads\msg\m_finnish.wnry
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            37KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            35c2f97eea8819b1caebd23fee732d8f

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Windows\Logs\DISM\dism.log
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            2.2MB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            8b7f8920d229c7c7e5e474e17732a423

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            9afb855edc70dbe43d9b3b361243c3a25f80ce32

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            0461d15606f0137159dd14387b9c0abba9d93a953a12d02ea4587cd55624f3dd

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            4b3f61193110f2a92eefd2f4bfc5a2497b1a5458e7cfbea2998480a06875d05f77820d2d0eb6cff24ad1c7fa0dade5467a30001758d80c8489d99768e3a54e1b

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • C:\Windows\perfc.dat
                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            353KB

                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                            71b6a493388e7d0b40c83ce903bc6b04

                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                            34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d

                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                            027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                            072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f

                                                                                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                                                                                          • memory/444-1374-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            64KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1048-364-0x00000000059E0000-0x00000000059EA000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            40KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1048-363-0x0000000005800000-0x0000000005892000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            584KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1048-362-0x0000000005DB0000-0x0000000006356000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1048-361-0x0000000000EE0000-0x0000000000F4E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            440KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1412-1153-0x0000000000400000-0x0000000000407200-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            28KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1412-1286-0x0000000000400000-0x0000000000407200-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            28KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1412-779-0x00000000256F0000-0x0000000025721000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            196KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1412-780-0x00007FF8AA130000-0x00007FF8AA161000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            196KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1484-1154-0x0000000000400000-0x0000000000407200-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            28KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1836-4455-0x00000186B0590000-0x00000186B0596000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            24KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1836-4454-0x00000186CA790000-0x00000186CB7A6000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            16.1MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/1836-4453-0x00000186AF6F0000-0x00000186B018C000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            10.6MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2116-1019-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2116-1007-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2200-534-0x00000000009C0000-0x00000000009E5000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            148KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1255-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-983-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1316-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1287-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-982-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-981-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1037-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1094-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1136-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-984-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2464-1168-0x0000000000400000-0x00000000005DE000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            1.9MB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2492-904-0x00000000028E0000-0x000000000293E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            376KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2492-915-0x00000000028E0000-0x000000000293E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            376KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2492-893-0x00000000028E0000-0x000000000293E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            376KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2492-902-0x00000000028E0000-0x000000000293E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            376KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/2492-901-0x00000000028E0000-0x000000000293E000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            376KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/3108-521-0x0000000000400000-0x0000000000425000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            148KB

                                                                                                                                                                                                                                                                            Download

                                                                                                                                                                                                                                                                          • memory/3108-535-0x0000000000400000-0x0000000000425000-memory.dmp

                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                            148KB

                                                                                                                                                                                                                                                                            Download