badrabbit | hxxps://chromewebstore[.]google[.]com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm

Analysis

max time kernel
1633s
max time network
1782s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06/02/2025, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm

Score

10^/10

badrabbit defense_evasion discovery persistence ransomware trojan upx

Malware Config

Signatures

BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit
Badrabbit family
badrabbit

Modifies visibility of file extensions in Explorer 2 TTPs 32 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 32 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Downloads MZ/PE file 5 IoCs

flow	pid	Process
436	3580	msedge.exe
436	3580	msedge.exe
436	3580	msedge.exe
436	3580	msedge.exe
436	3580	msedge.exe

Executes dropped EXE 64 IoCs

pid	Process
2024	Floxif (1).exe
2472	Floxif (1).exe
1372	Floxif (1).exe
1844	Floxif (1).exe
4740	Floxif.exe
5076	Floxif.exe
3224	Floxif.exe
396	Floxif.exe
3512	Floxif.exe
3180	Floxif.exe
400	Floxif.exe
4448	Floxif.exe
1460	Floxif.exe
3848	Floxif.exe
1908	Floxif.exe
3532	Floxif.exe
4512	Floxif.exe
4856	Floxif.exe
456	Floxif.exe
1768	Floxif.exe
1600	Floxif.exe
5076	Floxif.exe
2604	Floxif.exe
2204	Floxif.exe
3564	Floxif.exe
3024	Floxif.exe
1844	Floxif.exe
4688	Floxif.exe
2064	Floxif.exe
3692	Floxif.exe
3576	Floxif.exe
1576	Floxif.exe
2700	Floxif.exe
3312	Floxif.exe
1048	Floxif.exe
1900	Floxif.exe
4000	Floxif.exe
4704	Floxif.exe
3512	Floxif.exe
5920	Floxif (1).exe
6000	Floxif (1).exe
5936	Floxif (1).exe
5952	Floxif (1).exe
6416	Floxif (1).exe
6424	Floxif (1).exe
6432	Floxif (1).exe
6448	Floxif (1).exe
6440	Floxif (1).exe
6460	Floxif (1).exe
6472	Floxif (1).exe
6480	Floxif (1).exe
6488	Floxif (1).exe
6496	Floxif (1).exe
6504	Floxif (1).exe
6512	Floxif (1).exe
6520	Floxif (1).exe
6528	Floxif (1).exe
6536	Floxif (1).exe
6544	Floxif (1).exe
6552	Floxif (1).exe
6568	Floxif (1).exe
6576	Floxif (1).exe
6584	Floxif (1).exe
6592	Floxif (1).exe

Loads dropped DLL 64 IoCs

pid	Process
2024	Floxif (1).exe
2472	Floxif (1).exe
1372	Floxif (1).exe
1844	Floxif (1).exe
4740	Floxif.exe
5076	Floxif.exe
3224	Floxif.exe
396	Floxif.exe
3512	Floxif.exe
3180	Floxif.exe
400	Floxif.exe
4448	Floxif.exe
3848	Floxif.exe
1908	Floxif.exe
3532	Floxif.exe
4856	Floxif.exe
4512	Floxif.exe
1460	Floxif.exe
456	Floxif.exe
1768	Floxif.exe
1600	Floxif.exe
5076	Floxif.exe
2604	Floxif.exe
3564	Floxif.exe
3024	Floxif.exe
1844	Floxif.exe
4688	Floxif.exe
2064	Floxif.exe
2204	Floxif.exe
3692	Floxif.exe
3576	Floxif.exe
1576	Floxif.exe
2700	Floxif.exe
3312	Floxif.exe
1900	Floxif.exe
4704	Floxif.exe
3512	Floxif.exe
4000	Floxif.exe
1048	Floxif.exe
5936	Floxif (1).exe
5952	Floxif (1).exe
6000	Floxif (1).exe
5920	Floxif (1).exe
6416	Floxif (1).exe
6424	Floxif (1).exe
6432	Floxif (1).exe
6448	Floxif (1).exe
6460	Floxif (1).exe
6472	Floxif (1).exe
6480	Floxif (1).exe
6488	Floxif (1).exe
6496	Floxif (1).exe
6504	Floxif (1).exe
6512	Floxif (1).exe
6520	Floxif (1).exe
6528	Floxif (1).exe
6536	Floxif (1).exe
6544	Floxif (1).exe
6552	Floxif (1).exe
6568	Floxif (1).exe
6576	Floxif (1).exe
6584	Floxif (1).exe
6592	Floxif (1).exe
6608	Floxif (1).exe

Adds Run key to start application 2 TTPs 11 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AqAEoIAA.exe = "C:\\ProgramData\\BsgUsIUY\\AqAEoIAA.exe"	PolyRansom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	JeccYMUc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	PolyRansom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AqAEoIAA.exe = "C:\\ProgramData\\BsgUsIUY\\AqAEoIAA.exe"	AqAEoIAA.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JeccYMUc.exe = "C:\\Users\\Admin\\SIIMMEAA\\JeccYMUc.exe"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AqAEoIAA.exe = "C:\\ProgramData\\BsgUsIUY\\AqAEoIAA.exe"	Process not Found

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\e:	Floxif.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe
File opened (read-only)	\??\n:	cmd.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
435	raw.githubusercontent.com
436	raw.githubusercontent.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-2814-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2472-2816-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2024-2819-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2472-2822-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1372-2823-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1372-2826-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1844-2836-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1844-2839-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4740-2882-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4740-2885-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5076-2886-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5076-2889-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3224-2890-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/396-2891-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3224-2894-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3512-2895-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/396-2898-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3512-2901-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3180-2904-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4448-2906-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1768-2914-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2604-2917-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1844-2920-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3024-2919-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3564-2918-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5076-2916-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1600-2915-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/456-2913-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1460-2912-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4512-2911-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4856-2910-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3532-2909-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1908-2908-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3848-2907-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2064-2922-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/400-2905-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1048-2935-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4000-2934-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5920-3047-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/6000-3046-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5952-3045-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5936-3044-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1460-3043-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4512-3042-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4856-3041-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3532-3040-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1908-3039-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3848-3038-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3512-2933-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4704-2932-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4448-2931-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/400-2930-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1900-2929-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3312-2928-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2700-2927-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1576-2926-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3576-2925-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3692-2924-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2204-2923-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4688-2921-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/6608-3078-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1844-3108-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3024-3107-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3564-3106-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File created	C:\Program Files\Common Files\System\symsrv.dll	Floxif (1).exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\dispci.exe	rundll32.exe
File opened for modification	C:\Windows\69D1.tmp	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2768	2024	WerFault.exe	315
456	2472	WerFault.exe	319
2604	1372	WerFault.exe	322
4884	1844	WerFault.exe	325
2524	4740	WerFault.exe	330
4400	5076	WerFault.exe	333
2420	3224	WerFault.exe	336
5068	396	WerFault.exe	339
2852	3512	WerFault.exe	342
2304	3180	WerFault.exe	345
5560	400	WerFault.exe	348
5768	3848	WerFault.exe	352
5808	3532	WerFault.exe	350
6020	1908	WerFault.exe	353
7640	4512	WerFault.exe	355
6012	736	WerFault.exe	477
7136	5336	WerFault.exe	484
8016	7724	WerFault.exe	495
7860	8172	WerFault.exe	504
2628	6204	WerFault.exe	528
7424	6164	WerFault.exe	513
5664	5716	WerFault.exe	520
5372	7060	WerFault.exe	562
7224	7284	WerFault.exe	564
6644	392	WerFault.exe	565
7804	7812	WerFault.exe	571
7068	7072	WerFault.exe	573
7064	3532	WerFault.exe	576
7044	7372	WerFault.exe	580
7696	6300	WerFault.exe	582
7440	7316	WerFault.exe	585
3204	7428	WerFault.exe	589
6484	5496	WerFault.exe	591
8160	6540	WerFault.exe	594
7848	7976	WerFault.exe	597
6340	1980	WerFault.exe	601
3756	5340	WerFault.exe	603
5924	6328	WerFault.exe	604
7184	1048	WerFault.exe	610
7828	5816	WerFault.exe	613
7348	2376	WerFault.exe	615
6988	7156	WerFault.exe	619
5300	5800	WerFault.exe	621
8104	8148	WerFault.exe	625
5940	6916	WerFault.exe	627
7908	5444	WerFault.exe	631
6256	7756	WerFault.exe	633
6848	7884	WerFault.exe	636
8176	7520	WerFault.exe	640
6696	6036	WerFault.exe	642
6816	6760	WerFault.exe	645
7536	6896	WerFault.exe	649
6836	7140	WerFault.exe	651
6972	1776	WerFault.exe	654
7740	7504	WerFault.exe	658
6516	5504	WerFault.exe	660
7248	6228	WerFault.exe	664
5644	7436	WerFault.exe	667
7476	7220	WerFault.exe	669
3660	6268	WerFault.exe	673
5284	4740	WerFault.exe	675
6192	7840	WerFault.exe	678
2648	6748	WerFault.exe	682
5376	7508	WerFault.exe	684

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AqAEoIAA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PolyRansom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833529278512722"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4003209913-3868522715-854928974-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	NOTEPAD.EXE

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
14708	Process not Found
6040	Process not Found
8600	Process not Found
13200	Process not Found
2336	Process not Found
14396	Process not Found
9832	Process not Found
9008	Process not Found
9656	Process not Found
13840	Process not Found
9584	Process not Found
14388	Process not Found
1460	Process not Found
9900	Process not Found
8880	Process not Found
10612	Process not Found
4028	reg.exe
12092	Process not Found
13764	Process not Found
8540	Process not Found
10324	Process not Found
11796	Process not Found
12104	Process not Found
9168	Process not Found
7200	Process not Found
15060	Process not Found
8700	Process not Found
5648	Process not Found
9004	Process not Found
8236	Process not Found
6352	Process not Found
11492	Process not Found
13196	Process not Found
10488	Process not Found
13064	Process not Found
14232	Process not Found
12848	Process not Found
4244	Process not Found
5040	Process not Found
13220	Process not Found
12564	Process not Found
4464	Process not Found
7064	Process not Found
3296	Process not Found
15332	Process not Found
8196	Process not Found
5476	Process not Found
8564	Process not Found
13032	Process not Found
12508	Process not Found
4796	Process not Found
14000	Process not Found
14496	Process not Found
8656	Process not Found
13756	Process not Found
6124	Process not Found
8408	Process not Found
6924	Process not Found
3760	Process not Found
4988	Process not Found
5832	Process not Found
872	reg.exe
32	Process not Found
2376	Process not Found

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 823314.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 461992.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 465523.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 4275.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 818278.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 396166.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 185528.crdownload:SmartScreen	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
6452	schtasks.exe
7348	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
372	msedge.exe
372	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
2752	chrome.exe
2752	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
1612	msedge.exe
1612	msedge.exe
3644	msedge.exe
3644	msedge.exe
2260	identity_helper.exe
2260	identity_helper.exe
1904	msedge.exe
1904	msedge.exe
3084	msedge.exe
3084	msedge.exe
1168	identity_helper.exe
1168	identity_helper.exe
3580	msedge.exe
3580	msedge.exe
5104	msedge.exe
5104	msedge.exe
644	identity_helper.exe
644	identity_helper.exe
5088	msedge.exe
5088	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
1900	msedge.exe
1900	msedge.exe
4392	msedge.exe
4392	msedge.exe
3480	msedge.exe
3480	msedge.exe
4500	msedge.exe
4500	msedge.exe
3848	Floxif.exe
3848	Floxif.exe
3848	msedge.exe
3848	msedge.exe
2852	msedge.exe
2852	msedge.exe
5844	rundll32.exe
5844	rundll32.exe
5844	rundll32.exe
5844	rundll32.exe
7184	69D1.tmp
7184	69D1.tmp
7184	69D1.tmp
7184	69D1.tmp
7184	69D1.tmp
7184	69D1.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2648	OpenWith.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
372	msedge.exe
372	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
824	NOTEPAD.EXE
824	NOTEPAD.EXE
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
2648	OpenWith.exe
4336	FileHistory.exe
4336	FileHistory.exe
4336	FileHistory.exe
4336	FileHistory.exe
4336	FileHistory.exe
4336	FileHistory.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 3604	372	msedge.exe	84
PID 372 wrote to memory of 3604	372	msedge.exe	84
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4224	372	msedge.exe	85
PID 372 wrote to memory of 4044	372	msedge.exe	86
PID 372 wrote to memory of 4044	372	msedge.exe	86
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87
PID 372 wrote to memory of 3020	372	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://chromewebstore.google.com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bee746f8,0x7ff8bee74708,0x7ff8bee74718
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8357021308211053406,17763583564835080000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8aea3cc40,0x7ff8aea3cc4c,0x7ff8aea3cc58
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4520,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3412,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3352,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3440,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3484,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3188,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5628,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1124,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4048 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5732,i,15506410855556650059,11131929408712268336,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1848
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff726a34698,0x7ff726a346a4,0x7ff726a346b0
    3⤵
    - Drops file in Program Files directory
    PID:4616
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4440
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff726a34698,0x7ff726a346a4,0x7ff726a346b0
    3⤵
    - Drops file in Program Files directory
    PID:3460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4168

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8bee746f8,0x7ff8bee74708,0x7ff8bee74718
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10282226229213014125,7786154059250103745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding
1⤵
PID:2712

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bee746f8,0x7ff8bee74708,0x7ff8bee74718
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4158100139025569602,2666860144162430639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SetWindowsHookEx
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bee746f8,0x7ff8bee74708,0x7ff8bee74718
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7112 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6824 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:2024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 432
    3⤵
    - Program crash
    PID:2768
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 400
    3⤵
    - Program crash
    PID:456
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 400
    3⤵
    - Program crash
    PID:2604
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 400
    3⤵
    - Program crash
    PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 432
    3⤵
    - Program crash
    PID:2524
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 400
    3⤵
    - Program crash
    PID:4400
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3224
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 420
    3⤵
    - Program crash
    PID:2420
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:396
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 400
    3⤵
    - Program crash
    PID:5068
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 400
    3⤵
    - Program crash
    PID:2852
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 400
    3⤵
    - Program crash
    PID:2304
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 372
    3⤵
    - Program crash
    PID:5560
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4448
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 400
    3⤵
    - Program crash
    PID:5808
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1460
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 408
    3⤵
    - Program crash
    PID:5768
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 400
    3⤵
    - Program crash
    PID:6020
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 192
    3⤵
    - Program crash
    PID:7640
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1768
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4856
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:456
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4688
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2064
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1600
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5076
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2604
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2204
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3692
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3576
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1576
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2700
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3312
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3564
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3024
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1048
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1844
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1900
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4704
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3512
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4000
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5920
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5936
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5952
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6000
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6416
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6424
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6432
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  PID:6440
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6448
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6460
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6472
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6480
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6488
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6496
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6504
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6512
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6520
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6528
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6536
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6544
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6552
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:6560
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6568
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6576
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6584
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6592
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:6600
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  - Loads dropped DLL
  PID:6608
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:6744
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:6752
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:7296
- C:\Users\Admin\Downloads\Floxif (1).exe
  "C:\Users\Admin\Downloads\Floxif (1).exe"
  2⤵
  PID:7388
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6976
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 400
    3⤵
    - Program crash
    PID:6012
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7224
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7476
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 400
    3⤵
    - Program crash
    PID:7136
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:3304
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7088
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7792
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6028
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 400
    3⤵
    - Program crash
    PID:8016
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7668
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7776
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7944
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 404
    3⤵
    - Program crash
    PID:7860
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6492
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8116
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5724
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 400
    3⤵
    - Program crash
    PID:7424
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5376
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6180
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7300
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6240
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8004
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6484
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 404
    3⤵
    - Program crash
    PID:5664
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5496
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6248
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8136
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6532
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5648
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6192
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6272
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 400
    3⤵
    - Program crash
    PID:2628
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6572
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6300
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7188
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:828
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6748
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7428
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6016
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 400
    3⤵
    - Program crash
    PID:5372
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7284
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 372
    3⤵
    - Program crash
    PID:7224
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:392
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 400
    3⤵
    - Program crash
    PID:6644
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 400
    3⤵
    - Program crash
    PID:7804
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 400
    3⤵
    - Program crash
    PID:7068
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:3532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 400
    3⤵
    - Program crash
    PID:7064
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 400
    3⤵
    - Program crash
    PID:7044
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6300
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 400
    3⤵
    - Program crash
    PID:7696
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 372
    3⤵
    - Program crash
    PID:7440
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 400
    3⤵
    - Program crash
    PID:3204
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 400
    3⤵
    - Program crash
    PID:6484
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 400
    3⤵
    - Program crash
    PID:8160
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 400
    3⤵
    - Program crash
    PID:7848
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 400
    3⤵
    - Program crash
    PID:6340
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 408
    3⤵
    - Program crash
    PID:3756
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 372
    3⤵
    - Program crash
    PID:5924
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:1048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 400
    3⤵
    - Program crash
    PID:7184
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 400
    3⤵
    - Program crash
    PID:7828
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:2376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 400
    3⤵
    - Program crash
    PID:7348
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 372
    3⤵
    - Program crash
    PID:6988
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 400
    3⤵
    - Program crash
    PID:5300
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 372
    3⤵
    - Program crash
    PID:8104
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 400
    3⤵
    - Program crash
    PID:5940
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5444
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 400
    3⤵
    - Program crash
    PID:7908
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 400
    3⤵
    - Program crash
    PID:6256
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 400
    3⤵
    - Program crash
    PID:6848
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 400
    3⤵
    - Program crash
    PID:8176
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 400
    3⤵
    - Program crash
    PID:6696
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 400
    3⤵
    - Program crash
    PID:6816
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 372
    3⤵
    - Program crash
    PID:7536
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 400
    3⤵
    - Program crash
    PID:6836
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:1776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 400
    3⤵
    - Program crash
    PID:6972
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 400
    3⤵
    - Program crash
    PID:7740
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 400
    3⤵
    - Program crash
    PID:6516
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 400
    3⤵
    - Program crash
    PID:7248
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 372
    3⤵
    - Program crash
    PID:5644
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 400
    3⤵
    - Program crash
    PID:7476
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6268
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 400
    3⤵
    - Program crash
    PID:3660
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:4740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 400
    3⤵
    - Program crash
    PID:5284
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 408
    3⤵
    - Program crash
    PID:6192
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 400
    3⤵
    - Program crash
    PID:2648
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 400
    3⤵
    - Program crash
    PID:5376
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 400
    3⤵
    PID:7380
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 400
    3⤵
    PID:7192
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8152
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 400
    3⤵
    PID:7692
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 400
    3⤵
    PID:456
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7552
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 372
    3⤵
    PID:7916
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:1380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 372
    3⤵
    PID:5780
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:5836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 400
    3⤵
    PID:6456
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 400
    3⤵
    PID:6004
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 400
    3⤵
    PID:7356
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:3312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 400
    3⤵
    PID:6880
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 400
    3⤵
    PID:2372
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 408
    3⤵
    PID:6128
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 400
    3⤵
    PID:5500
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 404
    3⤵
    PID:6440
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6668
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 400
    3⤵
    PID:7028
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:4324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 400
    3⤵
    PID:6800
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 400
    3⤵
    PID:6184
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 400
    3⤵
    PID:4428
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:8080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 408
    3⤵
    PID:1752
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6600
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 400
    3⤵
    PID:4956
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 400
    3⤵
    PID:6816
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 400
    3⤵
    PID:6552
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 400
    3⤵
    PID:5568
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 400
    3⤵
    PID:6012
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:7008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 400
    3⤵
    PID:5792
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:6876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 388
    3⤵
    PID:6648
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  PID:3692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 400
    3⤵
    PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10784 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:7768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:5340
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5844
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Delete /F /TN rhaegal
      4⤵
      PID:6328
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Delete /F /TN rhaegal
        5⤵
        
        PID:4224
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2993918448 && exit"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7716
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2993918448 && exit"
        5⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:6452
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:41:00
      4⤵
      PID:3180
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:41:00
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:7348
  - - C:\Windows\69D1.tmp
      "C:\Windows\69D1.tmp" \\.\pipe\{41D84D7A-DD93-4089-BC2F-23D34DC93EA6}
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7184
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6624
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:2372
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:2112
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7156
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:8164
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6148
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7404
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7412
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6528
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:4500
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6764
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7232
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7884
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:6716
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7960
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:7032
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6960
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6968
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:6200
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:3512
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:7236
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:232
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:5508
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7504
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:2020
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:1104
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6636
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:7056
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7040
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:2808
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:5804
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7120
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:3028
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:3952
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:4168
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:4604
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:5904
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6084
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:6068
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:5456
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7764
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:3780
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:5308
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1268
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:5108
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:4988
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:5624
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7892
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7948
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:8188
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:8000
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:7692
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:428
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:5496
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:2700
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2964
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:7648
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:7792
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:5728
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:736
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:4392
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6628
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:548
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:8060
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6000
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:2112
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:7156
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6372
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:6660
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:6488
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7412
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6820
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:5192
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:6256
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  PID:7232
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:4956
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:4532
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    PID:6768
- C:\Users\Admin\Downloads\BadRabbit.exe
  "C:\Users\Admin\Downloads\BadRabbit.exe"
  2⤵
  - Drops file in Windows directory
  PID:8036
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:7928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10932 /prefetch:8
  2⤵
  PID:7808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,13460221262253638855,10812730014076666940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11336 /prefetch:8
  2⤵
  PID:3660
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - Adds Run key to start application
  PID:3028
- - C:\Users\Admin\SIIMMEAA\JeccYMUc.exe
    "C:\Users\Admin\SIIMMEAA\JeccYMUc.exe"
    3⤵
    - Adds Run key to start application
    PID:4716
- - C:\ProgramData\BsgUsIUY\AqAEoIAA.exe
    "C:\ProgramData\BsgUsIUY\AqAEoIAA.exe"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:7384
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:6204
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      PID:2884
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:5252
      - C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        6⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        7⤵
        
        PID:1908
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        9⤵
        
        PID:3256
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7792
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        12⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        13⤵
        
        PID:5700
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        15⤵
        
        PID:8032
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        16⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        17⤵
        
        PID:6256
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        18⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        19⤵
        
        PID:6992
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        20⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        21⤵
        
        PID:7888
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        22⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        23⤵
        
        PID:2500
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        24⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        25⤵
        
        PID:3320
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        26⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        27⤵
        
        PID:7516
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        28⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        29⤵
        
        PID:2376
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        31⤵
        
        PID:5820
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        32⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        33⤵
        
        PID:6880
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        34⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        35⤵
        
        PID:6392
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        36⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        37⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        37⤵
        
        PID:264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        37⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        37⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIswYQUs.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        37⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        35⤵
        Modifies visibility of file extensions in Explorer
        
        PID:7872
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        35⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        35⤵
        UAC bypass
        
        PID:5180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMQAoAkQ.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        35⤵
        
        PID:32
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        36⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        33⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        33⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        33⤵
        UAC bypass
        
        PID:5552
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LKAEwkgE.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        33⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        34⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        31⤵
        Modifies visibility of file extensions in Explorer
        
        PID:8020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        31⤵
        UAC bypass
        
        PID:7244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsEAkgwA.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        31⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        32⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        29⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        29⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        29⤵
        UAC bypass
        
        PID:6804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FQUYUkok.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        29⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        30⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        27⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2964
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        27⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        27⤵
        UAC bypass
        
        PID:7488
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reMoQYwg.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        27⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        28⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        25⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        25⤵
        
        PID:448
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        25⤵
        UAC bypass
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IassskEU.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        25⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        26⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        23⤵
        Modifies visibility of file extensions in Explorer
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        23⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        23⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMUIMIoc.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        23⤵
        
        PID:744
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        24⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        21⤵
        Modifies visibility of file extensions in Explorer
        System Location Discovery: System Language Discovery
        
        PID:7572
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        21⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        21⤵
        UAC bypass
        
        PID:7296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYQAUQow.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        21⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        22⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        19⤵
        Modifies visibility of file extensions in Explorer
        
        PID:7920
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        19⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        19⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:7584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmwAEscQ.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        19⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        20⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        17⤵
        Modifies visibility of file extensions in Explorer
        
        PID:7560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        17⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        17⤵
        UAC bypass
        
        PID:6036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSkEMIIA.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        17⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        18⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        15⤵
        Modifies visibility of file extensions in Explorer
        
        PID:6800
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        15⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        15⤵
        UAC bypass
        
        PID:6488
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HyAYAUUQ.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        15⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        16⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        13⤵
        Modifies visibility of file extensions in Explorer
        
        PID:2056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        13⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        13⤵
        UAC bypass
        
        PID:8060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIkQEwkc.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        13⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        14⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        11⤵
        Modifies visibility of file extensions in Explorer
        
        PID:6452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        11⤵
        UAC bypass
        
        PID:4972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iiMMIYgM.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        11⤵
        
        PID:400
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        12⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        9⤵
        Modifies visibility of file extensions in Explorer
        
        PID:7924
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        9⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        9⤵
        UAC bypass
        
        PID:7488
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sUQEcMwE.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        10⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        7⤵
        Modifies visibility of file extensions in Explorer
        
        PID:6984
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        7⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        7⤵
        UAC bypass
        
        PID:6284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OeIIwoUc.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        7⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        8⤵
        
        PID:5208
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        Modifies visibility of file extensions in Explorer
        
        PID:3092
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        
        PID:5068
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        UAC bypass
        
        PID:2460
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pssgwIEU.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        
        PID:1268
      - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        6⤵
        
        PID:5596
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    PID:4604
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:5976
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:5896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nKYEgAgo.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:5968
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:5460
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:8104
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:232
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      System Location Discovery: System Language Discovery
      PID:3068
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:6244
      - C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        6⤵
        
        PID:32
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        8⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        9⤵
        
        PID:5344
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        10⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        11⤵
        
        PID:8184
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        13⤵
        
        PID:6432
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        14⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        15⤵
        
        PID:3264
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        16⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        17⤵
        
        PID:7112
        
        C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        18⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        19⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        19⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        19⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        19⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGAssgkI.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        19⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        17⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5396
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        17⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        17⤵
        UAC bypass
        
        PID:8180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YqcgQsoY.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        17⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        15⤵
        Modifies visibility of file extensions in Explorer
        
        PID:1972
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        15⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        15⤵
        UAC bypass
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\soEowocE.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        16⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        13⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5424
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        13⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        13⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juEgcwEI.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        14⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        11⤵
        Modifies visibility of file extensions in Explorer
        
        PID:6764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        11⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        11⤵
        UAC bypass
        
        PID:7176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIUQMQMs.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7480
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        9⤵
        Modifies visibility of file extensions in Explorer
        
        PID:6996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        9⤵
        
        PID:224
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        9⤵
        UAC bypass
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VokMksgk.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        7⤵
        Modifies visibility of file extensions in Explorer
        System Location Discovery: System Language Discovery
        
        PID:8188
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        7⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        7⤵
        UAC bypass
        
        PID:5264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQYEIEQU.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        7⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5928
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        UAC bypass
        
        PID:4180
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgkUIoQY.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        
        PID:5848
      - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        6⤵
        
        PID:5384
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    PID:5760
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:5688
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:5732
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SmYcIIQQ.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:5740
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:1972
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6280
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:452
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      PID:5240
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:7904
      - C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        7⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        7⤵
        Modifies registry key
        
        PID:4028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        7⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        7⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKQEUcso.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        7⤵
        
        PID:6648
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5148
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        
        PID:7440
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        UAC bypass
        
        PID:5128
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KGoMsEQI.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        
        PID:3740
      - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        6⤵
        
        PID:8044
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    - System Location Discovery: System Language Discovery
    PID:7592
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:1168
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:7072
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ECwYsMkE.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:6272
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:2084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:3088
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      PID:4740
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:8152
      - C:\Users\Admin\Downloads\PolyRansom.exe
        
        C:\Users\Admin\Downloads\PolyRansom
        6⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        7⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        7⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        7⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        7⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMkMYwQk.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        7⤵
        
        PID:7400
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        Modifies visibility of file extensions in Explorer
        
        PID:5004
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        
        PID:7484
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        UAC bypass
        
        PID:6888
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmcwAAEY.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        
        PID:2700
      - C:\Windows\SysWOW64\cscript.exe
        
        cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
        6⤵
        
        PID:1904
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    PID:5528
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:2940
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:7808
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMwUMoAk.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:7040
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:7832
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7964
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:5740
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      PID:6860
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:6024
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        
        PID:7732
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        
        PID:6132
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        
        PID:6768
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TaUowkck.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8028
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    - System Location Discovery: System Language Discovery
    PID:2936
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:5616
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:7604
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kYgQYocI.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:7812
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:6196
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:988
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:5416
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4044
  - - C:\Users\Admin\Downloads\PolyRansom.exe
      C:\Users\Admin\Downloads\PolyRansom
      4⤵
      System Location Discovery: System Language Discovery
      PID:6008
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
        5⤵
        
        PID:5716
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        
        PID:6280
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        
        PID:5908
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        
        PID:1352
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGsYYows.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
        5⤵
        
        PID:6532
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    - Modifies registry key
    PID:872
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5460
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:6204
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qsAUAcok.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5556
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:6528
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5248
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:7792
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies visibility of file extensions in Explorer
    PID:5700
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:8144
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - UAC bypass
    PID:6796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IcIIEwEU.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:2056
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:7960
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:2648
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:5408
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    PID:5992
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VssIUooE.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:6136
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:5920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:6092
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7976
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:3816
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:4164
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:6672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:3892
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    PID:4964
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:2168
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    PID:7692
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vaUEsAIA.bat" "C:\Users\Admin\Downloads\PolyRansom.exe""
    3⤵
    PID:7948
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6684
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:6168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:5528
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    PID:6384
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    PID:5496
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:8124
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:8040
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:5324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:6156
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5508
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7296
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:1220
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom"
    3⤵
    PID:2936
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:3512
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6348
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7460
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:1060
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7640
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7780
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:6568
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:3692
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:8036
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4672
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:3212
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7588
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:2672
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4464
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7052
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7824
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:1780
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:5432
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2372
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:2336
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:7180
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:6924
- C:\Users\Admin\Downloads\PolyRansom.exe
  "C:\Users\Admin\Downloads\PolyRansom.exe"
  2⤵
  PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2648
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ZOD-master.zip\ZOD-master\README.md
  2⤵
  PID:748

C:\Windows\System32\FileHistory.exe
"C:\Windows\System32\FileHistory.exe" "C:\Users\Admin\Documents\42"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:3912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:2860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:3276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:1776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2024 -ip 2024
1⤵
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2472 -ip 2472
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1372 -ip 1372
1⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1844 -ip 1844
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4740 -ip 4740
1⤵
PID:828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5076 -ip 5076
1⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3224 -ip 3224
1⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 396 -ip 396
1⤵
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3512 -ip 3512
1⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3180 -ip 3180
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 400 -ip 400
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3848 -ip 3848
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1908 -ip 1908
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4448 -ip 4448
1⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3532 -ip 3532
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4856 -ip 4856
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 456 -ip 456
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1460 -ip 1460
1⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4512 -ip 4512
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1768 -ip 1768
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1600 -ip 1600
1⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5076 -ip 5076
1⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3024 -ip 3024
1⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3564 -ip 3564
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1844 -ip 1844
1⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2604 -ip 2604
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 4688 -ip 4688
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 2064 -ip 2064
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 2204 -ip 2204
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 2700 -ip 2700
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3312 -ip 3312
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1900 -ip 1900
1⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3692 -ip 3692
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 3576 -ip 3576
1⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 1576 -ip 1576
1⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 4704 -ip 4704
1⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 3512 -ip 3512
1⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4000 -ip 4000
1⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1048 -ip 1048
1⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5936 -ip 5936
1⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6000 -ip 6000
1⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5952 -ip 5952
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 5920 -ip 5920
1⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6424 -ip 6424
1⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6416 -ip 6416
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6448 -ip 6448
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6432 -ip 6432
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6460 -ip 6460
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6472 -ip 6472
1⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6480 -ip 6480
1⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6488 -ip 6488
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6496 -ip 6496
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6504 -ip 6504
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6512 -ip 6512
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 6520 -ip 6520
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6528 -ip 6528
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6536 -ip 6536
1⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 6552 -ip 6552
1⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 6544 -ip 6544
1⤵
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6568 -ip 6568
1⤵
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6576 -ip 6576
1⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6584 -ip 6584
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 6592 -ip 6592
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6608 -ip 6608
1⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6744 -ip 6744
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6440 -ip 6440
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6752 -ip 6752
1⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6560 -ip 6560
1⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6600 -ip 6600
1⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 7296 -ip 7296
1⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7388 -ip 7388
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 6976 -ip 6976
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 736 -ip 736
1⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7224 -ip 7224
1⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7476 -ip 7476
1⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5336 -ip 5336
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 3304 -ip 3304
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7088 -ip 7088
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7792 -ip 7792
1⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6028 -ip 6028
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7724 -ip 7724
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7668 -ip 7668
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 7776 -ip 7776
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7944 -ip 7944
1⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 8172 -ip 8172
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6492 -ip 6492
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 8116 -ip 8116
1⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5724 -ip 5724
1⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6180 -ip 6180
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 6484 -ip 6484
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6248 -ip 6248
1⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5716 -ip 5716
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5648 -ip 5648
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5496 -ip 5496
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8136 -ip 8136
1⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6164 -ip 6164
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5376 -ip 5376
1⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6240 -ip 6240
1⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7300 -ip 7300
1⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 8004 -ip 8004
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7428 -ip 7428
1⤵
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6204 -ip 6204
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6016 -ip 6016
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6572 -ip 6572
1⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 828 -ip 828
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6748 -ip 6748
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 6300 -ip 6300
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6532 -ip 6532
1⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6192 -ip 6192
1⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7188 -ip 7188
1⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6272 -ip 6272
1⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 7060 -ip 7060
1⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7284 -ip 7284
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 392 -ip 392
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7812 -ip 7812
1⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7072 -ip 7072
1⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3532 -ip 3532
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 7372 -ip 7372
1⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6300 -ip 6300
1⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7316 -ip 7316
1⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7428 -ip 7428
1⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5496 -ip 5496
1⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6540 -ip 6540
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7976 -ip 7976
1⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1980 -ip 1980
1⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5340 -ip 5340
1⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6328 -ip 6328
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 1048 -ip 1048
1⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5816 -ip 5816
1⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2376 -ip 2376
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 7156 -ip 7156
1⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5800 -ip 5800
1⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8148 -ip 8148
1⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6916 -ip 6916
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5444 -ip 5444
1⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 7756 -ip 7756
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 7884 -ip 7884
1⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 7520 -ip 7520
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6036 -ip 6036
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6760 -ip 6760
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 6896 -ip 6896
1⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7140 -ip 7140
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1776 -ip 1776
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7504 -ip 7504
1⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5504 -ip 5504
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6228 -ip 6228
1⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7436 -ip 7436
1⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7220 -ip 7220
1⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6268 -ip 6268
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4740 -ip 4740
1⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7840 -ip 7840
1⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6748 -ip 6748
1⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7508 -ip 7508
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 6948 -ip 6948
1⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7400 -ip 7400
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 8152 -ip 8152
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 7516 -ip 7516
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 7552 -ip 7552
1⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5140 -ip 5140
1⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 1380 -ip 1380
1⤵
PID:396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 5836 -ip 5836
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 6492 -ip 6492
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 6292 -ip 6292
1⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3312 -ip 3312
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8060 -ip 8060
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7164 -ip 7164
1⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7156 -ip 7156
1⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6828 -ip 6828
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6668 -ip 6668
1⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4324 -ip 4324
1⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7952 -ip 7952
1⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7292 -ip 7292
1⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8080 -ip 8080
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6600 -ip 6600
1⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7388 -ip 7388
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6772 -ip 6772
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7204 -ip 7204
1⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 7524 -ip 7524
1⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7008 -ip 7008
1⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 6876 -ip 6876
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3692 -ip 3692
1⤵
PID:5508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:6912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\hbomb.bat" "
1⤵
- Enumerates connected drives
PID:7296

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:7524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
de10cc9097b453c795477ddfbf3825b5

SHA1
6fd43420e05894fa244c050841654173fbf35787

SHA256
28eeb2da212a88cbb4df5fdf7229a217895ababaf6a4a52a74075ca6cb0b0cc9

SHA512
4fa256557b384aff62b4a6342df0aebd55f55acac8abcea84765f4d720e60cdd44a9380a1af4b9ffc8ad0da962c24d583f80264c29daa71b7460d19fbd593706

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
034bf05bcc59e1f3f7df08813c6405b8

SHA1
6b9590bb9a2ae7f21e71b7d4600fe998f74cfea9

SHA256
fb78c49b049348c285c20fc0f09ba64af6b542a3655870228ec9f50d5c8213a7

SHA512
0bf329a823883e80a854f4fd80ce855f911df9ad1a31c167028e16adcf639bdb7e26094e65b82a5c130abef168881d0971dc6c2e880da68b8ebe399836788244

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
eca8cd576e743f80e6147bcb2b2384e1

SHA1
88fd7f5cd0b183d3c727ead7df4064d19bbfeefe

SHA256
d8f9064555e0addc53cd4e42c2f7e8b441de14b7dde8d45d6fa0219eeac8e647

SHA512
0b78a1e7ee170d85f7ff90341bace82a0cf88fbbca7972bca7ff5d783abc5cdcef2750239ee27703d9217321acfb0b71106361816364300541be77f3e3013cb7

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
ccf549e06349bc8e36c64c9087d70016

SHA1
04212ab8167be4f07c93f86ed05952cebbc125af

SHA256
cb6990fb57fcede520b35a299fd239287738a2a63ac301f50aad417a07d2ab78

SHA512
b79a828a671805483df796d4033af130174cf806f7741749d85859bacd6364ad3427a9268ae37b4c4a4dad2d39e55e8243f1acc648dfdcc6aaa5bc6e494e33f7

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
9445dc4c1ed7c23e7e9d1bddd04b30b5

SHA1
0efcd308c7c16610688e7d0a3da1183277587d17

SHA256
dd3d69e66d5ea019b706c8fe80c7c3f4021130e0a17eea0ba469e92f69f1c735

SHA512
f713423995d42bbfe852887b241c6a34a0dc96210d0e769d019e1563763b7c701c1fba429b8ec5e672d4aa4a04fcce69b42d611ab4784b37a970b9bf3c0bd9e4

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
2861662dc0a792fb9c9c21694f5b24f1

SHA1
c0866a5f5f3bf24779eee474056b0a89abea92c6

SHA256
6c69b6e74fc2cfc95751c7290baf3005f2579428286f286fb9e126a9c8a15acb

SHA512
577703fdf6a71c1657b623df677aa543a7abf312b26a76e20a5145a71033795a728e284eed0fcf8a4ab65432339e7bd445ff755672970f88de84444117a5abb0

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
13932bcd7848b4e236a705dad089dba5

SHA1
66d8c7cbc36c005d79af239a016f30a72ac1a682

SHA256
c91969d0012debaa6abe097989908a3a7d2ecba3ceec3a65d04a69e291f0378c

SHA512
5ebb10cd30447eb915f07c376867dc48307fc7adaa9b3eac761418499f751de32727c019c537bc1e85081f5d01f5584cd85fccfc640005e39488e0aaf3a0ed37

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
694cb1750b77319c418c124313d5e764

SHA1
6e9e1e857cb87b541c6f4286e29c9441f21491de

SHA256
c60cc7962efecb95a9f567822a62966f3d9ff5a414a5af76e65c0edc9a1eb7b5

SHA512
56f68cefaea9f20fdd4ec729c871f50c91818d5a810ed9bac9e84e77a18902d68b839dd5acc4db87cb8dfc9ad8fefc40cb8517bc7b13af119ea6a432e6458167

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
9dd15d4e32e347a30cf960b5d2d8f59f

SHA1
dcaa6fb5c8830eb3916e276073ce628375fc51ed

SHA256
f81d2528db42ecc28f8f57db80b0252aa761e2daf64ce61a635205efe3aa7234

SHA512
26a7c8d0a27883a1d2346ddb1efcf88ed22bd2ea75816095de03dd96877ed1b94277030c4c719e7133aa77cbae94010f726ce92e53d755e4c086d94b7169e19c

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
c99ad9749539706cc0c2803fa4e8a592

SHA1
33c75c6c0e7a4b07c91c9787050ec4d5d0ea3088

SHA256
c9c9af4abcf2dbf9b1432e0edf1a2602d456a221ce86c8736f9981cdb50df7ba

SHA512
05f15f346525fde9860315e2ee974f05c52674432bc6ffc431e74b5bf8a3d11d853cd97c41e16d069b85d8d7a66edf296b915740b3708560eda123816bcf4d7c

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
aae25d7690391b4e72073a9f408041de

SHA1
ede9044e653103c89c7e09158a6e484d3fa5e3ca

SHA256
6b36d56ac271248dd58584269f3c74ec3c6853679b04b9f31fb671d353fabbff

SHA512
9bb1c81080678f89b8848d6630ac93e374e2523e698e2bca109c2a0b147701f808d611cad5db55ff73e3a3a8043245aa67e40e4409194c48742aae211071e581

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
13a80432a336be2c06bfea9571af6c42

SHA1
05db2a831ed87f1f1b2078deb6badce6ce56ca50

SHA256
8f189d1348013bc1444a37e65618d72e9c75586cbdcb3b4c49135d81fdda6bbc

SHA512
48edad485c97b277451987deabcff8b06591888fbdba84e66e7a36901928616c3f54ecb42b6ddf8111d55b8957bed25fcca5818d63c69f44fc3b4f2769eec4cb

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
45ac32e23ebd3e0802647e27cbd8e3d9

SHA1
a2ed5bea581237e20bade8c962c554519f24fa19

SHA256
9222b7dba982dbba8a5895b4590cad2760a2ecdfa5c9571c5cbd5b64228b4493

SHA512
bfa7a2585ed1245d423f59bba19dec57ccb6bccf3e7052953de499e90da8ed61acb04fe61d882ce27c28ad1d3d15253132af9803c9159bbfea052cea53f8c876

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
6ad0bf93d9e50b8edba7709a1cc4245d

SHA1
84090a9abd6bc0e1eb057d1c2340212b88d97e8b

SHA256
74293bc2b62c5f0ffd6da3ebd6cca2ef1d10a9cb989a02898891a1265e43de09

SHA512
6a1b8aba6a857a41ccc5adf88cf26101afca5efd0aee3e9c900886fdb98b0467d6094b524e611ec822ec9235144489ea779211bb4314081b1f6c30a71bd17b67

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
1424fbaad56e274c142123ba5c02afb2

SHA1
ddf4e9dcb59cdfed520cdbadac9c225a6ad0b9b6

SHA256
3b0fc23b8d45f82405c7f231fa6a83401c0a5e3e2d2c3951bed1c5163aec6bfb

SHA512
26055474a7a36c9487f5be860bd66e405623846c7d405da20ae6841e169b0c7f9014761edbd9eaf6ad4073b91ebc487334f38b3d461fc9b700af025ebe08ec48

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
5936bf02a0e5dee45fdde76b0e6a22b0

SHA1
a6c9dc2e238ac524020c6e08302927edf7065601

SHA256
124d8ec4286dc3fe039a99e0b85b4b81135e29744532cb0cf5e1a37f952e5581

SHA512
a4c38082c7fdd4cda140a35a737807855676ab599be007d554cbcee6e19ca6df039ca95c666ff6aa4db7a0f2b26d740230037eff64c2397a9a140a76b50e1c0f

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
d76c9f6135555e38c9e70c0491e98c5c

SHA1
89c7406eefb08e44301da226855b512facd60a7f

SHA256
0adb7fb4e23fbd8ace526cb4cf7fb06bc79525a581b46a6e12f28210d7857c61

SHA512
49aead330384f904933e096ebcc2f473c74cb9b102c095ce21dafafefac736ba5411ab1504c8dc2bdd83299cdf0cb070babfee10c8c177f861816a0bb5d3a368

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
e605eab3ef41b624d3931b42a5582d44

SHA1
f9bd306f63d8361884f410fd0b9671d95f477760

SHA256
75b12b13db595c6623dba3d8ea7613fd21559a78dad91a0970b0aac8e45a2b7c

SHA512
1e32c6930d8b91a4a0d597e1d45a60a27f29d02e87b91820badc4c36cc1e4e4fa2c98eacaf60f8a0bb63cf57eb0b49158d36a9537773ded05fdf703392dce127

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
bb7966ef61196284e8d9d1e09dee9efe

SHA1
be990b8438be0ca97d39f2674cc77145b2518b0c

SHA256
a0bd077521d3fb127fab84eddb1619dc8d3759ce063a6f3a81cc83d6120ea006

SHA512
a97d127e12c2d4b81a439078eb9a962d08067cdffe5364b2c00fe199624f33a39a92975ea23bb04822c961f2a0062ad543cf9091ae1706e1b8c0edf01a459817

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
ea8d229b1771d5c4f6c67efb8631667d

SHA1
c94a1d98838cfe3c39c6645350d0afca5705ec92

SHA256
9b298fb2d30d4b9ceb9fcec0253829227034d00fb8cb9aa39f2ce9e1bee3357c

SHA512
34726aa8316dfd68048367f52a7ae2a233ec45ecbec63f03cd6274810ed06fe95a47e93e095a6659f1e842273901e61ed05377d4090bfb724836040f38cca25d

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
bec6071414f9ac66f1e4147e565f2f32

SHA1
c95d708ee4f6f7369d5fc91d9c8ef394d2ff9f75

SHA256
09c1ebace52a50f15774a69913d3bd0b6498d47481389e85c4695e42c14d8521

SHA512
cc0457e470ac39d0f66be90d7653fdbeb15b3e5350a4a401a7d5bff42df44d905a236d5bfbb497173d0995c48fbcc2c113a64502aaa566ea949089066525c185

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
81572847c878215ab000d5395c1b641e

SHA1
d7d7860b171eda655fa080ad8126be96fd9d83ea

SHA256
2db442ddc94d0cb7881ef1ec0643122c3be1bd291e83de98dad7ecad5b9bfd57

SHA512
aaacd89b6a005bc4b8703eba948a38c859b2bda9b921d7a4bffa39bde67f98484a0e1764f14d42179d2a8818cb8f474f9ceb8c3dd73e9844b5c24acd266c5197

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
f117697d67fcaa0567598c94599b33fc

SHA1
c41300b94cf5f9d054b9e1c6e5e335279e1bc478

SHA256
5cde2a90a60300a1f2e7c68d335bc8a85313c65409aa70306cf0fce452d37b79

SHA512
bcc5731e1bfc32a2170a96361d0b5bbad43fa16169880d8ec1c2c2b0d45e49a028631325fcef34f8664b3cd17a9f3d7773f4b910fded3e6db815570b4e447dc6

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
1763eb6f22ea62ed5cf3b4eb28ed208b

SHA1
b32c193304f3477af1126a09412fc8d2de5c1e1f

SHA256
64e88a318874222d38a4bf832a48aecda39106d83b4442a9750168d1b4fc6ad0

SHA512
9e887873ea1f3a745926d94a4e362e256d3026256f6cf9efc2f12b6e71d382e55ad36b3956b065986651c6c64d24d89eb0270d7fd95d3ddbc6ae205feedef52b

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
376b8ad80bad1b3ead6a1e799676b004

SHA1
d86ad799a30d31edea1ab17ba2155976bf11b46d

SHA256
ac37a9baec9b6f163dc651773571e53364753ac8fded94db898cdc0db535c2b0

SHA512
cb2b34228f0c6d165032375b25759512f434e93a89b02398ee095dffa8389080760e5e6e82974524fa0a40fcf5ae7511c501b6e076e0e1d1094d087e0ccf1d8c

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
723d4eeaddc379c8008526548b3edce9

SHA1
a8324c3b93d0a04d1b4e66e232c967f6f24d997b

SHA256
b5891e555056b6359a6e13f2d8e112804de248c92905440a4e3c78d73a65e9f1

SHA512
b58e14444226cf06465686b36043d5e9846c15a65b203ad8c38ff9163ca829180eead9472ce5e0d73578bb9f204ff85ba64be3a5800a86c1b4ca31b09f72bf44

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
0d48b5dad8988245fe79a1376200ec85

SHA1
b4bda12e4baa32fb25ada7190db95e78e3e9cfcd

SHA256
eb86cb0bafd7e4470c8ad998629bf5243c72005686acfedaf3ff9f0d9bf7ce99

SHA512
48e02f6269c705a6b61950a4ef1de80039fcd909278f0d427ba0d58658d29c56062aab07054b2d4fdde4dd027eaef75efda51f82b948b69bfa4893898ea2da72

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
35fc458ea8e76b0d9d75b05df9b67fee

SHA1
0cd4e1de91cbee75e1e5990b319fe182efb816c2

SHA256
22b235df1a327a946238561822dd3c915f279073f1331d0f6b7b675b76329e4f

SHA512
da93ec37eab563b7eb0e3417291d2028cdda3654be42352d34f4152dcccc70cc2c79666e5604283681e67e52d0c6215521c95cbbb36bd61fc5a03a440242cfb8

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
461f8a9d2b9c9b71e820afad0ec976a6

SHA1
2d7f0734d4880d8b72c716b6855258517396d29a

SHA256
29b09cc21810d41f499899a107e145c7a73a426059db4d3e69006d448a3b3b45

SHA512
5dd832d7c3bff76a99eaee80690dd86992e50971b7f96c20fb9e18eabb4d6eb942ca5bb7ef4cf0a9ac04eeb74fcaa86d5129f69e30be79c253bfa5e5ca564351

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
cec09ba864e2f5cda3185f7ad9b64b7b

SHA1
6d8109794f96184441c2438827f99d1b508f7c34

SHA256
52ce859c26803233b8fd528261a20be064a9d7c46c6bee793130a37b6217e460

SHA512
7b0df170b78e0b265486a77d9c61849c6f8050c77c749cf33091b286413117dbb4f0f7d2ec9bd4b3f09b9771853093135744e902009d279a58a9ee9bf729d9e2

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
73b7123dba795bb3626e4a836295ff5e

SHA1
536cf8459ca354db91d0dfa0c763d0859dff27bd

SHA256
e1503afe9a112aa3b920b4ccc0d6e5035a816111bdc922deb92c924f7d4e61b0

SHA512
1d6e6ff7ae3bf0a8fd426902a105905b3e4071669c21315ce046fe7790ccf601428fe08d6d144d47c78cfe7beb02d419f05d46136fc19ebb514e143f90677ac5

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
fab60abd64bf5112e1d9685bb2200906

SHA1
c893740e90a491c339638776767727d64ec2545b

SHA256
5a668588e05bf2a7181482954c85357be7f671e25282d333ca2647ecbc28ea6a

SHA512
74b5489a671d6fc6119b4775c6f1453092a787fd07b57a4264a6be0b1d90c1a019df208e2eaf269a3aa67d8ae534cca97f4418dd0ab98db3fd43f3e40d7790b4

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
45c22dbb37b3d4e2e69fc8a5ae0f99d3

SHA1
25f64d4ce1df539ce2768e4ead51f671e533e4ad

SHA256
b474058ce08658f7125d6ee5cbda5fd8325f7ef01f34457e15fa0425e9b98816

SHA512
44a1618ef24f05e6d81ed0e802f8d77c1d4da289525faecfe6ca45cf8c914354e1e42c8e02395afaab09137d3c8a0305faba444c36dbe64a3f9e5fb2147ab852

Download Submit
C:\ProgramData\BsgUsIUY\AqAEoIAA.inf

Filesize
4B

MD5
218a6bc765b4905bc0e7298b247a5303

SHA1
d9946b146feec29fa8c9b81f30b14c2ce5bdcd8b

SHA256
b1ff75f51138d663e57c873df975b48f702e9999d1e92c873f40f64e0a72b105

SHA512
49474f1b138ed1428584883b4200044c4cda031e9910b4323295b687d050778927e41f28fdbca886a46763f9ad195b676158f6c4ac78085677c2e56b8733efd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CDE89F9DCB25D8AC547E3CEFDA4FB6C2_EFB75332C2EEE29C462FC21A350076B8

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
972e45a8b6f22c8ded720e41755e9a2f

SHA1
8efc7b52fa7eda672451b80b71422a91fd191b7f

SHA256
b6e15da65f2cd3f2b72783127329bbccc26e66aa9f3f0ff4a8d310f8937aba09

SHA512
bd529db4a740afe3a026481c50c362d3ec9d782caa006b72f0c6ba7db62e31126c1855a2e2f517cc1d54d1d70cf26d9b2c601331a6e3f3a6636169e2a617ace7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
38KB

MD5
6f9bcbd9790889389f52578f0c27177e

SHA1
941fcd07ce8c21efda837ce99c2c0c532a153115

SHA256
f83e87421cda34647dbbbd00cd215a7f86445af8b2e550fc88413a757b89caa6

SHA512
8e20dee4c862b915790779e05fbb8bcb61d686c6f11f9bf74f459ebb97979e590c5fa4aec6bd83d9eaa68b2cfd6629144b4123c2a9c6757f777593dad313a0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
08818667cb24979a3a3fe5a6d766998c

SHA1
3d78d6b7b7562eedf3ff665127183db8ab7b97f0

SHA256
422f5812b121514b74889b6b9e0c700af84a034730195b6c9307c34773120592

SHA512
6ba22b3a4086c14aa8c543cb3ccaa708184d3a7cce5e275129fb6c71dcff80642ab80a50fa44cb2792228713b703afe40e41f643c08f36022491992f086d65c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
524f231872f28fa188a7a00fddfbddd8

SHA1
376166e52804aaead3e0004b7f4b0398864913a2

SHA256
d2c6336cd6c92684e2097bbfc3421e0815dbff78f044a75c16ce57298a9c11ba

SHA512
c830ff091727fbf29652247fd2f178873f74645aef64286c4d6d60b93784a9a8b95f2b79348d1d702fe60f810f06aa15198e35f704a5a3732cbe18b8376744f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
88637f4c07bf42bea21046c1c63e7a0b

SHA1
5fd8207094a04e8e03a41a26875a76ad0874e274

SHA256
a835c9288535f6317513103d97f77112b84aad95d326256ddc09b749135561c4

SHA512
ecb8c7ab7994baa47e711dcc05cb254367bf052abc4c68218a86b4c58e9e3769ce662d59ff5a84e202b6d63c0aee95edb2bf176b8a02fb6e23eb55a0c001f9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b8a5f673047bc41d4bc1911529155602

SHA1
65e830f1b11546fde241b1f086b281e4a5f5b54d

SHA256
a3c4d31f56aa5e883ef6756576d5aa2d6d00e43d33729b58ec8406e6779cdf0c

SHA512
da9f56f3b232b680c8d0730070b68c576e1c262281cfdcd9578cd862c3991694d11f9efe7809afaa28f1d433cc9afdb0dd3b5462290928d93d1b00ac2b87fb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1c621fa32101e1bd149fa593a5edf938

SHA1
20431c9b464b156dddff233510e1eb498c9b79d7

SHA256
a3305174a9876ce9f7e9537f655fbd7b47b8470ee370a43af121aecf60c69b6c

SHA512
a1c929ad442e965c4e27b1d8683720ee9139afce5712a4f26931fe5d674f3dfd378851402aa348e3ced7abfada419ab7b45ede83b5e44709cf33ca3d6199b5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
45f7a7643de55358b01c37330e5632cc

SHA1
9b6225cd30f6c8c2147463b83369d72cf5d132c6

SHA256
35d65493eb0ea8f249e2a44e3f0e8f02c4ba86aba90da560e7ce073564227108

SHA512
4d27cb83f70b48a39fea42552997279edb170b55d80442626e0e14a34cc759c8a8a25de0b9249fb2e337dc9ca8c3df501c3a964ef251de53e355c08e5b4526df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
43369e0cb7de0b119c3956da502fc4ac

SHA1
a0e01d3dc0601ea1849f9c35577d63ade304f261

SHA256
51946973876a1e0ce51135a906b5543dc2631f809a09e9a7cae5ecb741642e41

SHA512
fff1e51fc6ec9219889a1d03209627c1d802fcdb1ad0c03e4640a117784b5a33179c5b94a23905488ce5cc681bf222f144cbdfb8869a541b4583ae6646199d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
a5d36a196acb2730749a19473972b887

SHA1
c9f31ff34dee4160d8a5333f1299871464dcd701

SHA256
1872c7ccfec015aac0ce0d44d9adea84e0818e17cc1483433b974dc5a72b2144

SHA512
f5eb3bf30dedcf6efe3cdcaab61fb09c35c89845986d35aadc9d89cf65df01920b499fa6187969e6b1d810e8ea8ea14fc1ab1d7a915cc7853a6d5eef1271daa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1a399d087f1d4f65fb303299981d593

SHA1
84dcbad1e9d9bc661c7f38b691b68c8e1be7737a

SHA256
6961f67f0d6cd4583b94d9b2c5e77e614e9ddb5d5ea4efe683c62077946e55fb

SHA512
a469e41bd7c0aefb703a3b7b78cc00db6c663b88288c5fe5cda2ee807332ee6320aaa47b6d9e78b1375bbbc428e21e28805a49e935ef15968187adaade745545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad3f35397f83ab5fcf3d264542d10e3b

SHA1
314675589a5eb5f78be81c2eccb331141e982e73

SHA256
946638c38f6c1aa24b06362e256350b710265313300e6281f38527670c6debce

SHA512
ef9e573a6c821cadb7e49acfb68415ca6b672500bda6dcac754fedc86c864b3bbcbb22fddcc717171e7dda84b458ff0aaf248dd6af2fb72e902e73548e7f0c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df78f9c3ea3543e7e3bb447acdfda525

SHA1
2a151a29a6ebc28f8080a4a141bbdb379c2a506c

SHA256
faeb2527e8c14efeffdfbe7b6c482954626e962079de587fcce2d77442e34f68

SHA512
0235b77ae97b8ae8f2960d84bce25c9cb693a7ee0df21e6469d19845530ffb62784eb9c291ee2e2c2c70ade61aefa21f7d300ccbb8b638a7ae1a0fee0bea9113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
597267f9bbd62692c3194668d47f560a

SHA1
f2facc075c1772ae7c4b518f2d29121d0f0f91c7

SHA256
760b25202645876bc57631710b169d85dcd4d82c067b7960520b969ebcf2aa53

SHA512
5ba1934bc32a736363548653b51628e5fe1e7acf4628e0d13103a22ac324db981cf2b20b383603687e398f0ccc42d80e1ffadca95d82b802ab24204378f11ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b109b73519755cd708bfa96ef4a00244

SHA1
e868c97ec0dde9d1347fb441ee111b95f7f580f7

SHA256
066032d62007377d96e0640e90fc4ef0528872994e7987a87feb65e458085786

SHA512
3f14239946e99ac9da08c0151b737d60a129bb912c88e84ece1fb4f1f49e76fa0a5897dc524ca9b75d51688ca7270f785356dd8c5b0889249af656d610270932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b948ab20289dd6bf09018e9f060fa6e4

SHA1
990b6c312012e0b311772c186982cfe860ef48e8

SHA256
d73d8f205234960cdfec1baa5197814f2ab154e0ed2d2ff5fdff3cf93a590b1c

SHA512
89b4db07d2c2081a431ce1c300389790bf014fbf693aded0997da65d032336729366e26baae9f3e29d08aa6059fd53f622b591d055a7caa4308c4b9350f9b16c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ccae68cae0fbbe9071c39ef92f0e8db

SHA1
9cb06955a6e0e4cdb8339e8fef1f74ed8e48aa7a

SHA256
aa68d97543196c7674451c9f751b29cfe427744686d67c9e2eac4b4bfed7e07f

SHA512
95b89b0841995f6c2b70e465e116126720cddca4cc9218af2b304b1072de0904473436d3c68db7d0ea5b89e78d47ca587a4a0a48c811980aebe4639ab557d230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c13252cfc956eb6b5f8358fd6823706c

SHA1
52b824a01be17bd61a398a04f8b8897c00aeb376

SHA256
b94212e14075e16f14973f92fc147085dc295c326de6945472726636a7349d3d

SHA512
7436bd9e998d756b5d2a7c4fe3141d54d3783d9bca45041e40ee2f2a7e22a282f976ddc2f999bff18f021b7aad88beb477d2d24a5022914302db1d3e6de9bb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b54a9fa8aa7ba7838717c52202308ad7

SHA1
96604404a302dabd7ab6e67475f404381cd0d7ce

SHA256
7097761f36a45452d2aea9b3e2073fb3b2fddf29d8ca8d1c457adf6c580264f9

SHA512
2fa969fff6741a4b2e396daa18200149927d0c711f2047a9bf933759240bac687dca9af1ae833cebd6f36b5e6f42d513bba27e52024859ad5fff5c556d6ac84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba6a6a7d14588e7e13f1d0afbfe70e7a

SHA1
bd24a9c4d1277fe3123d6938acea9147b3f0485c

SHA256
a87ea02f4d18967cd2483226c194a0e26867bc46c215d443f4c5766da5b6b230

SHA512
90470253932341639301b79ced84e9dbd7ad24bbb0f8664ab342d9bcd6bf271e4c26777e1510a835d7a8f893d0c1dbb273450fd0988dad750236277b2ed19937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
863764953cbd75cdd337f0481e23280f

SHA1
86c406f5f4e005e17198df4095dbf1fcefd3ddd4

SHA256
8d828b33acd872798b492db7598433652775e8570c865b2069fddb8a8c9abdfd

SHA512
c9618b4cbfae417ddc6bd032ea9b6f789a4a320e9fd46e493e46752e4d8b37e8ed746604c6c2f3c3b8635bd94f98746562866f7982739144b3f247344ec3338d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be452a1dda06edec384688d73995018f

SHA1
6eff225c4a59971cdb91f0c3de9cf1ce3957dd11

SHA256
e591eb3b1214fca48564319f7d68796f069090ecf79a8913f292051b7215b6ac

SHA512
9f58d0bccf0653b76f7e665f956b36dbc15b01c4b4c9400508b63dbc419d40b3248cca7e7c539a5c557647c7565ed9beba8abdf11f2413f01a1793992deb2c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
678998a5b6506048eb55712cc33b4246

SHA1
c3ef3dbc19d093f1d5e7522581d0410cac433536

SHA256
0f64f4a13548fcbccb1366d4af9865288b0cd5ce799eb26302bc33b808fece3c

SHA512
742e6c8bd481cf5cf2c0ab40eb1d141f4536e44b4e46dc70c6cd7e62c8253c9ec10bf384debe8719a08272f1bd401b92b1a0173b74ba519e664537ca095eb345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
305ce1c924440f5a684e63bf4db749ec

SHA1
8b3268a3b9258899f3178e2ba3394d824452422f

SHA256
69c47a9c9ce0858892904ea92c7daa84492cac103beb00ba88478f629e2c82bd

SHA512
d9d2760a5ae147145427cb0072fd6a56f4c59d5739323e5e1561ce90dc0577c678bc8efa59524464a5564b0ffb55d9910f15e25c1e0bfaf2ef342cce9505ba70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e769eb1682614ff278b544dbac637281

SHA1
5d69fd89b5d4af1284a99e0c375d7b0f2ebcee3b

SHA256
ea385ebb32eb61991a768d372e7bb98d3ce75016c484617caea1d5fb439ed435

SHA512
d20cc134c4ace30708b89db880195d3948d7f533d2b78c1aa142ccc375f8a7d36551aba87e4342f044cac889aedd7c65e2592c8015c1b114462969d2fcfb5d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a64938310f97f95c2447dafd470af579

SHA1
dbc06131103b41b7a03306f24f6b8ad2f00eb51d

SHA256
2b992270c37748ee0ee3b8508868c41a06e686e11542dd2ffd63988f7325252d

SHA512
1992380b86dbba44b44cfbe64440bcb381b27c72cc822164b777b747b0fcf9b75af7d47aa695db419ec12e8165f4ea37f27ee02aa37652ce79eefa6f98e2cb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
732831c7f6358e8262958ce6a9f803e1

SHA1
49d9a25d06956e4fa86152a4e12808ed74cbb493

SHA256
bb988b71f2a3026d966d5480ea161b14ce99e6ebddc1a1818863b32d97b69704

SHA512
95829a88100dc549c5ab91793d875cb7e7b831f10bb0eeb8c7e7be312f0e9be90c16a1ca92b54cfa2bf35adaf34ec9cc551a5f1fb8711f1ac240188ee1900b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b19cf380b26b938fbd118532cea7366

SHA1
03970b13262c1d4ef2ab7c1f6b3030a61670d7a9

SHA256
a408f1b01830cc69b5d31225f8dafbe18dbd070b0262a574306753a0c382eb9d

SHA512
5926adc654406c65be7a39f654bc5e37742d8af2af8ac56e4066f4fc6f3f0815f2661978e74df3c5e265e88f61056646c7ca9656baffe2c4876e53232efad0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e77a171d6badc55d869e2d35b78c0834

SHA1
50462fa324940a7e0f4d0643626d9d8d6d9fc203

SHA256
6daf8910cb0046d8473b4c4e569cd5181069cbb0c6cd131c484f835c33e4ce06

SHA512
ca5e63b7191389d2e00c753aef4e2388754734a872ed910d9238587e1a801ea572289146d2fdfa6d6a09e49ef2881e50e365375f552d848fd67f56399265abb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e2f2eef47b4ab2fd8894f951ddf5245

SHA1
e2bb09bdbe144588072746d3bc40a9262395fc26

SHA256
efd5f51a804b502d5d83b9adac5232a465dd097a88db228027964e602c886488

SHA512
d87230ee1391132295c66d526f5922a22232a3c6abece7fc0af4b1b0addf6de8dcb1af847145829e40dd4eb377799f492d1b2467af205a8b576ed88c7b402843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab15218a5f03f2d7c1eb1f77dc7994df

SHA1
a9898e48161fa2a9ff2bc00375102d9e03daa15e

SHA256
eb76f4817d1cb4c603f99c83bcad0f94e9942599952592358122445e58f4b12a

SHA512
88e8d40af618c47b19456bb420acc13e374013b34cfabf7e261b6d6444dec704b1d26023fdde419a5c7ab4ed80749c80a261892174299ecd26b66f4c0070dad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b754501b12dc036b4d4f9bcb2266a56a

SHA1
a9ce3e8c7c3480f51664ccc238c8f1e6a78d3fcb

SHA256
2c43da1c55736871aaeee3e40c1c2c5367fdd0750b9484f0498fa2ccb26da3be

SHA512
999564821183e7424bb584ccbc46a3378102b6181135e4b9d2a848c8be839d50a0922297d13fa08a07f376f26da169e1e6ca09ef8b2284b06acf9cbc3d999670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad948b4cb8cb29bf8d52f59992981c91

SHA1
7cfefde6973c900c1c2cbc23b678604284e42d17

SHA256
6d3b29e5ddee6906a87572ce881ed75b6bd150c742a8c83d80fa277359b0c763

SHA512
7f15567a5f2556785605b980de3e6a85b29c9fa266233be1097528161eab6c7fd8c92a49735bc3deba96163ee82a15d17e712a428629cabfbb0da02f32721d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83e8c6e2b44c4b21ad1248ef9fe7d7d1

SHA1
1a2fa98f5214642a82bcff22b091089997eccfb4

SHA256
5f112017196732a7df26a3a6e11faf8c7c69735f13091bde2d9541ed8a0f0a82

SHA512
b1f2edd0d1aa190db242a963d2a66cb1bd6b2cc41806504327871083a65cce4cdfd0550a64925fef51d071d996d7fc50610c6342c7dd73e5b608aa180364364f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a55b347b14c9cb270411691e84387f56

SHA1
ff3a6da83431160908f488fe806aabb411522cd2

SHA256
8b777b9b565df8faab4dc7c377e1c611fbd5420b9fb6dbc9f1f0879c6ee069d8

SHA512
f75035f00b249b6303266c3d00f55c29e471a8f2181a6188156ec64afe44b23909a6b48974efb6495c97d5ad095451c8c21d1d9d404fe78f6b2fe5373e9803ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
bcecb9f033f39db0cc5703cf9c849ba0

SHA1
525625f9cfcbe3d8a90bb02faeef417bbd6c5d16

SHA256
f0bff6cfa2887fddf768fb2037884b089ce05cfa47957d74098db4d3692a12c5

SHA512
fefaac6a1fdb9395c079f5f34bb553e5b0ef9d102c9b60ec142d52e41c070a63ac8f2001369de91264fed9f66779c38b68763f3a83e197ed3377552ccac3d779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
4655101c6072ba2b15bb864e02b39d52

SHA1
63a6e2786196897a69273adc121457458e9755ad

SHA256
f61aae76454dcf4dcabeddfdf78c54b9e2a143f2e935e89ef4646e61504aca2f

SHA512
30f680f37a11b22b297d8bd569aab2af115b087be4e4bfd88fe572a052724037826fee20cbd77bd46cd3729f1bee42489c6276fcece71c5d860fb43b3dfe6ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
370b97f4f4f334dc6900a29cbd64eed5

SHA1
2a1f1e87c0cc2c264be29019b514ff0f8728c5a2

SHA256
7e9df3a87c5cfd540636ef2a3420097bd9c36367bf78c98511fd5a11f6f01af8

SHA512
4ede818a9990fac08ddaa20b56f7f4bb2c5a312c83908df1a5412a3300a5cb466ec2858ab73b25fdb984962dbc1b1db5f203f7e3da0148bada15ad234ab9bdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9eda63aacd62c9d1073350d2565a768f

SHA1
788415dfa3a60e9572409d5e46ab04505d49ad4a

SHA256
72e1b5da2983cae82b009752e9f430e7eb67f2651d5e537d8f60286409a714d8

SHA512
36b5020db3ddc5571e2c13d1dff6f1895024b13fe669e2025f15fc67b1a7173341e1be56853d2850bff0961807e3fb9cfc783514d77f501c3b0ff5de2a506a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e5b24f84519177d16cb3c20a02f950af

SHA1
d78466e377d2a31f84ff57be3433a3a04248e41f

SHA256
c0167e48b1f74e648d30d2c5e18d516b3095e8d7f5c288a98c5b1fffd55b8d14

SHA512
5ec7d749837c6a25ec6a39bef1099d71c914f7bbff8cc606998a92f489c253a7b9b0a1400ad65cf153abcecd06fa48bfa6374e999aaf9133bc615a7764b8ba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9013b8bea41aa2c8fa7f4763168069e

SHA1
349be86bde65cc0c3a15b2b21b6eaf2db452e92d

SHA256
6245436fe808740cde15c227fcda465a37a52f17f3642a71f0abbc466ce5b466

SHA512
d23bc18adb6acf9eb36fea85becb7b1a004bed034ef443acc3d442d1364f2ffa17f57e8eb6eeb1702dc459c5c16763b4e72249e6a326c9c36800d3f395fdd326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9501f4bca22060f9c65608688955e7ae

SHA1
9ebdb43d4948c72f9811ca38fa8672298532397c

SHA256
da5180d96548328dbbfe5d65d972ecea8a2a622528f95c9b8a21c6e27f8379a3

SHA512
7d4de9bcb70b319bd7aed23b8a1896bfa578815c3a3ef32c4924b15c461ce9cd278614f9bf651b1328be2da3d8e82e4a44370c28d2138a2cb4dd1d0ec3e164f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
50fea730b14f50cc7a0a13dd3d1b823e

SHA1
d54da34be942fcb50b77d0859cb384fa140b410a

SHA256
f994ac7964c40ee3fea2be1b410e7d8efe4c423009d8f711e262335fc7addd55

SHA512
e1f02fd7819822b04445ac9cf7c921b685a5215155eaab7c31d74cec09382e0cf18574cd4ea6cc523b9bbd285590ee696f25975c060144b0045c14298e5f7a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
908f9c2c703e0a6f81afb07a882b3e30

SHA1
53ed94a3145691e806e7dd8c160f5b459a2d16ef

SHA256
4436bec398522c5119d3a7b9c41356048c19d9c476246c76d7a4c1ee28160b52

SHA512
7af7116a91c8e3dfc23db8a78d7aff9a8df8e3b67df7f4ee66f9380dba4d1e66d980afaefc5dc2d9034ab5c0b7c6934400feb32645373f3ff4f8816414ae6ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05c0de65-89ee-4497-8609-7a6e252115e8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
21KB

MD5
1a87d50da70b524d872a2ad46fd312d3

SHA1
e019160b3e28f5690183232e726c0e005099f434

SHA256
677e9f0cf3c1c316bf715a2f0951327af8f4b1d495d803b811abd2660c2931cf

SHA512
87fff80de02caba8d9c3bb8aaa362abff0253e5d5477d535122abe97f506f1bab9b85662d347e6375beeb8efae67a036c4e4903e2393cddbafccf8bfa6ff0d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
532KB

MD5
00add4a97311b2b8b6264674335caab6

SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a9a1ea41a6e4a84e322e695dd3170eb7

SHA1
99bc51f6fc48e72a4304ed83d9d9c5534b6ebb01

SHA256
52d2b270c0724e8fdf581f480052d3196963bb1741ee27b93eb4d5256c2be148

SHA512
34f7ab04aedf17644ec60b3029bbb050decf11af589f4b7275b7bcc6d5ecb302ac78242be6e322fc77289ba31409088a05eccfb019362eb5f52436713543db30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e8925c0db33a2153cb0a6d3665ff8350

SHA1
59e6ab2de350f3ac2d4e8c3bb743f0dad9043cd3

SHA256
9a2ced756c8df07f13e1a0514a17e9f3d270d09da594437710d480442db0e4fe

SHA512
95de54f54b7c978f7cfe1eab6cff543bc301c788aeffe79a672dece852a3d9b65a0225ede694da35be8d3bdab3c2ce7c0d4f783a46d50ba7478290bd499ee333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4ed37a2813cab86e5f6fafd795364bda

SHA1
edc09c779c0acfe9125244af58a00d19974cd368

SHA256
73441d5c57ba7795577d629ec71d7a589a1ae19d1b756f24227add22c6bf27ba

SHA512
d47b797b2ca03495184b2b1244f1a69c1a47e7f45307389e217228eeb222771585a60880ea2f4a9aa08b19ffdd274b9372a943255f11c9a6723b8f9ed4f3c432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dc907b2a85e49f6d7ecf9f9ae13861b1

SHA1
6839f096a384ac7f675f09e35cfb58fb99ddc02f

SHA256
87e7e40e1f45c0b6de16d79b7e0e3f6e04439e16cd0cab8c57cd3cc4fd2c1ee3

SHA512
239acd5abd22ac9a90c09db9179eb06350f4336b07e225368b513fc9011c461c26ec7308a2fd54565e3a6768855b4bf8f3a5842dd974fc2beabf1856726e1e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c3b218242c9a82bff06ef7265d9dc213

SHA1
b53047b795baa5cba67dfd67cb40bb9366f3700a

SHA256
7202dba76443c371fe1146172e9cc91022d275dd08aec9cd36937ae4bfddcce2

SHA512
f36e76f4886bd63f549801e4f02517ef5070b2e4c515be797644fa9786d3500aedc6e2c7d400af106880064ad3128126485c33ba8831be9f14130ff92df2df4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
a1718a613e5b258f1a68a1b09f7d1abc

SHA1
538beaf804c5c71b3eb9242c9acc240adc9dd71d

SHA256
9cef572bc77b7df730cf9992f0bd2af69bf297a4e62ca2aab4e933d3280f7d37

SHA512
724a7687c46f510c6bfef9856ea79b386e34ae72ca0c1b8fffe21269520b490a2f6cfac78b7484dccfa48f6528a4f7796f240e0755ce8b50e5a49504f3f2206d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3dddbd48eb191c00655af2913724941c

SHA1
48e2cf8db5d4214562f601578d7e2d4fad7a14e1

SHA256
fb51f408949fd4038797da8661204d068dd7ea6459635993dad1184a0729fbba

SHA512
5298f7d7a4d3c4e19594e602a87e3b766e3d05cd99b37bbfbc117cfa65109c23268d3892ae38cef5b69412b0b48b5dda407049d418f99f2d245806c11ebdc63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
a0a2570c3df8dd9fedcda5b6ba06d28c

SHA1
055b3c752c2a9c82b3a1648faa06a13e93c53aff

SHA256
d7310c4bbe5b81dab0bfa281112e56fd57b876a8fb1c40fbe3996ca9e21e3985

SHA512
e431eb208d61e970c53323959896e8fd57c162a614384b7ba0f57580c86181d27cb3792c31946e31060b6091695358d2c36724c37d4f66b767c341176eae3675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3f3b93e03ec932f754ee696a3f1f5fe5

SHA1
49d6b37e83350ce32e84e3d9bcaed36c69ee720c

SHA256
4036128cf1e175277b9485ebe928c6290d69014ed8f93dc533292b0982039ceb

SHA512
341149df09e56419291edfb1c2b22e1eb074909f563b24de527889508b4a5bf198f8b1d38293d10841dcf994a1276125767edb5eeb91c6ebbfd0a00741f17020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
21df6883c173f07d3d9925c1aeae40cf

SHA1
33f070ae6c5f07dbe6040ad0290b91c8a954ad62

SHA256
75d72a4628b2efd2841bd6380fe77a469bfdd85c1025043a10543445cf382566

SHA512
d75f52c4cd7c4af527d69633ff63a47ee2892f2476ece7dc54abd3267f320d91bdeff9b58b5a701a0fe2e32f3b7cc2a9f44718696d8342ab6cd2fa07ea6618f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
8c754faebb102dcc006485404704fd98

SHA1
8356ef762c2c0cefd3cf824a237e27ea59b0900e

SHA256
7ae200d7803f0b5b70bb8447d28620539d4ef011663597f858f4f9ea57699ec2

SHA512
b757bd3c34761ab7404d69bc43cef3940f7dc3c1699433a609ec5c049139b909e54f488f983d82b92cb70647963d70c40f2e938ce2c9d1b84fcbe8ebbaaf3aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
305B

MD5
124131f9e4107772fcdbc0ade862cca0

SHA1
ef726763b34844e2e67651f71f0fc942a4339af3

SHA256
61ebf1e111379e58dbfd42da6a3fa127c27185c83fa124d743bfe73e6552e024

SHA512
b805da12ea6862e72a4fd24a7c68565aac1abef7939ad16e69aea360857707f4492fb9166c2d9c16f6ff0b2f2d907ba2744cf1ba32ab11246dbf45cd96e7ed07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
987f6c3d207a43207ce8f6665772cd92

SHA1
38dacd458e73952ae068d6d5027dc95c41d8bd8b

SHA256
f80b0f828ffcbd8a00da825000cdbde063415e1f04c1233041342c1ace6e6576

SHA512
f792323e268dc5e7438182ab9a98aa81fb8300d76fe45d7ab157769017878355e3f91ab49cb01a5135d68edc05b26c9f1bc40df170764674f992b8f3836b5dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cec7ae82bb7ebf958881bc0cbeff1150

SHA1
fdbe0d75755c9f77fbe57e2381b26ec3297285e3

SHA256
5dfa096769d27b8790a20849df0adc5f38b9b9c2d58b69870fe2189f58573877

SHA512
305344cde87631d7b04d7a098e556f384de1d55d6e89ce012ca9dd33a29a20151a263f3a49afe39655e83ba469f480058f9bbf5cb37e663a7304a977203b87ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
36c90f974925eb3305f1eebba239fac9

SHA1
091c16bcc79f91bb6ab0f2ac57ee00b59f6fbb52

SHA256
076302586722f64aa8a896cc7683e28de7759af6e884ba37b86f6cc28c744ab2

SHA512
436ec4541d96832cbe9949564cdc0b3f8d856c1b9bf4c5988b067f6bae4f9d8c1177faf6f5d63d0540a65ba4ab4d79ec65921ab52877ac46fb0def54198e5bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b1e021514d8dc2f6d522da94b323cce6

SHA1
a4625e11e580b9e30f51ae10435c945cf9c97481

SHA256
3683833f794b663640cf93003adcb8c7cc39717be0ad40f2c0acf55f401c5463

SHA512
91c3404b6d7f763dc1a35010e82136bf0d5ac62a436e601312dee4d47b81b7177c0474e53ef2595db3904cec6f7d91e3a4c4d71b9565fbf02549e1d319c2b15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0545dae7426a3c1028a815337fa9c023

SHA1
5a9dd3c43513f105c0c86bf65f70ce5e34f8e273

SHA256
38e5a8a2b9241f509f4c41b407db66ee7f7579bebc0efe0561b2a7b265a40e39

SHA512
c1cdd43622cd9c82f480e2c106486e57a884766c00967d4080bb96ff86f948d6d41ba18cdf8347d54fbb1da444e4de355594de5a9f41690c13b133bc2ce1cc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
b706331cb556fdc5ba6a193db341c589

SHA1
8c4b850af33b4349db092becdc57460aaa4391f7

SHA256
d69439fe1a24391c1a74d4d78564668e2a6346bd85cbc0c3c824cd93010a125b

SHA512
a9a92dd29601f5fa9c2646360e36c0489bd351d132f1b22c15f2095dc203214f8f1f26695e002ef944172194c5c5197a8c449abddb875331ee5df703e26d14cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8e4b04c29e0fc27ac3952d14b0a83ef

SHA1
56a75470fbd055731cc2e9d5ee1fd8d939323599

SHA256
1d8825a691f9b60d91c06fd194d6a9a1ef05988b46d3bac66369e5d336a6e286

SHA512
0d8d19c4a6d18798c8becebe2e846980e2d9a53bd12eff7f9b8fda225902295364b8ba02346c00194461f81a4ff039fde02976f0875e67f7d6198606219a9c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6bfcd97afdfec7cb8274d81b3c1ab30e

SHA1
091e1c91a1399bb404449f485d01dff4847510ef

SHA256
a02e1039a1e962d8a9352a9a76951ab8e44c3792b79c86169a3e98697d10bdde

SHA512
21c8634042d2586ef6112b769ae20605ec088026d79be176d5b2048a0f0c7438ed2887995b61397f7e7f5f0b8b90d6890dc4785f27cbe3c3d48f998af790c338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d988d584176571c4c69fa514cca42e04

SHA1
7cf4c82f2ce89ecc13673f07d30abfde4ec1c45e

SHA256
1e2b5795bc4121c74c6eca6cb350fda061c17a07772bf7bdf5749b698352c480

SHA512
6b8fa8dced2f128e87a34e76952bdac1a11c8f04a46e15aa206250096dd6b1c711d1480399241567e7fa002d22a424258ed82d77e1200465029ae7ad4fc20b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee51cca70ff8ae7159bed6a6c6061f56

SHA1
215ec857e23d23864c2e07912ea0c98dd080c721

SHA256
21ad47c474b67eb3c4dbb4cbca46b094cc3770704277559c394f94d3ea2ad006

SHA512
cfe57b48fc60913fdd060583012f31e7ffeeda4941ecb2ac7fa421bed05c02a275929e94a7ae0287be8a253d3eff6b7ca069562eb256c1faf7577909ae675b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
daee4b0a7480badb7a77ba710571adf6

SHA1
89a30cfecbe5d5b314bceecad7ff6f1082416e27

SHA256
216be3c3216da74944dc1e80f7e47d8b98d95ea917e2d1986820629c465a0e7b

SHA512
d6f931688bddc4b1fdcc66af5c25e141123705af320a65248a7a4549392206a746527fa43bb65f90d99ddea2d9a343c67b738e70c9b3205e353abfb9a57da2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
267013ff41c1e7ea4f076aa7bb2387d8

SHA1
cc21fe90ffd3cc22217b6a744f72a4905f1be8c5

SHA256
515ee89e42cbf156676a1b8b40521403e3fd6e560eea561aa6b3c7390d949199

SHA512
f8060ecd8f8d300dd2ddf6a23ce9ee7bf9374ec3909abb101ac0eeaa566cf58e7831904774bfbdc84580b81d6f613f1f138f21ad6d4e8831484f0455cd1c0d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6855c78d6d9206a63cc25e8c4de60f63

SHA1
c0a611da3dea277d0511490cfa0f9ed2cb30a86c

SHA256
91b8a79a3a96e56ce68b97b058b0c777a032ae25b03409fe247d64fed9cc6d8e

SHA512
ec58bdffd0d40cee253369cc2103a98e544d1df58b8d711f44d443a0754c2c711430c746f67434aa3aa64e0e8a0e90b4b312e073d836fea50995fbd3b7f4c09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ba22713b21af031ab779235bc698d5c

SHA1
1836ae31294f4c5e74f2507f55e8aa41fafd18b5

SHA256
ddf5254ec6937515da2bc6663676f46b9aae4bbae91ce0ef281fa73bdff56373

SHA512
651f05be00bae7e5d5390fccd58a5fbf6a14fdc10daa175b237d8202a2d2815a52de859185ab041dfea67452ff1520969bb028516d983200d167b23e6e79a679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8fb267112fb7c876351a6f202ed63aa7

SHA1
871d07b6b991e7c940c441e09d510c9670149f6b

SHA256
cf303233d37816ce59a3410f79fe1fba84a2216afe689fc03cac3aa3f20d9308

SHA512
aead29298aba0288efb973aecfb04c151a07f1c7fb74f0437da7ed3dee4e6976b5739e339e0185e705442ebe41e65e9a5336cf088b3087656d5acd1b483ae289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
386e12daad7a593b906295e946c9ab16

SHA1
c1d3ebadce41e82acefd949ee009e44a6c121042

SHA256
795997db0939478026b4ddd7712610bf22db0ef144a573a8da3eac020ab33292

SHA512
78532d5805e59056b281132729b5d9df111e0a15d0d3d19aded52304802f71a5eb5d8d175f59693ea9cf3d291d3b4f814c85bf74e7861e0aef7ba81feeb3d9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7159b8c36dc8463976f13604af618ff

SHA1
272b2d579b8cf81723af0c4b655f2103c0632770

SHA256
d4d7ebb1a88faa6a16515526b20bd2169e611f97f3a74a3fe2be6373bfa87c73

SHA512
6682fd0df14884fae249a8646f70a10d6447dee27b30d9f1bb6a16233a15553450cb17f44091a9dd7dc5eb6995bc533c9003cd63a14ea967c27ae76c58281898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75cbeab792d4baf05179ccd8579862a4

SHA1
d045ee27f9c6b7ddde4db53a485a40de737e5f5b

SHA256
9912c508bb558ebe54cc6dee27941e8ba1e1f717d99029e836ff029b90dd3d00

SHA512
17aef6fc9e1bdaa54b2f115787d77a7e1605e2323c070a7988536c7f1e08fa3228c7f5d75824eb9a0e6a543dd4712f17c08186b15a49a65aa7a290313ece9548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
188d209e11a62366ab512b13bf6b3119

SHA1
49a75a333b81a63141153528af03cf79e450d788

SHA256
bd090ec05f33d83a232f85e0f05085c44cc19112dd94c120b31b4c7874c88f92

SHA512
cee29897d770be88508655de7c93a74a785005963bb0a79b5233f7868003984fdf907e5faeaaf275c76c04798c71ad725c4b08d6754b7793fa2a4db6c62fa61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d50f9d85166b857b1a2f1bbca6486ccd

SHA1
fbfd371101046a49aadf9c0836d61927a45ba9e7

SHA256
d4002745f15a35548f9d91983fdb888e53f81f3ead901ce625184c23084407aa

SHA512
65199ec42b0ec7762aa6e3895023ea86ebf043001fe1e8f75687b581ae315346fe03a63cf8d01ca58668dbdfa4057e083fb7c0edefe19e4bdec98e5e4b30face

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1e584222f7d9a9d3c5a2a4b2f3e56b6

SHA1
43c3768cc2b3b759135a9d81e149c3fdde3ccaa3

SHA256
9fb5eb6d6e78ad60faaa6dcd36f443fdbfb270f048fbfccef014777822bd9593

SHA512
f4008b5fda295b259795e43dced2e075d6cee56bb7a688325a01c5a04d0df8a76200122b66f96f296553ee7bcdb35c1f399f113293e6b546b40272a3e51891a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
278687f954044cbc1acd2049026588ee

SHA1
e63face6f960b6b3fcb60f3f520573de5c5c5404

SHA256
294c581f6e23290672be3409d0b2e0ce6caa4518455664bcffda72ea7911f08e

SHA512
42ab8a31094fdde1a60c32f6770ea2ad4ac925bcd5b1c7c1c8f77d53c34eca91f217c195eb4608aa5239110efae3149e3a959869062bf5a3b26cba3c518f3766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc794e959fcb92b903ea960cf1eb8ebf

SHA1
2b691b8316da440baeb43f8a553074bbc9deedf6

SHA256
f12460c727edfdf6f496d6277b51a3a993664177eec1c02f38550dffe154fb0b

SHA512
46b8d47031477fd7a21c128d15a880c491dc53cbbd77981a774f04aad7bb90bedda9ca780ce07ae428778f935c8ff872eefbf9c6829150b63a8d61a1de5bb8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f58b4362530f0b28572aaa43fd2fe38e

SHA1
8a7f6e113b66c3bcb712deaea08671e9bc4dd1b2

SHA256
2624445fd41a2e374701ea6cfda962ba114c628d819cb03afc3275cedea5af15

SHA512
ac7a97db627a0d7051fa86695e9660c14bc8186900e61bfbf0d656eb6d3d189258b2ae6c97eaa0eb10e266a3b28dc0207ba7df2f7935f121dd5de67b6a52c65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ed1f4717a2f50d762dd77bc480ed7f0

SHA1
d3b0bbfd4e246b40c6b25305b14fcc7dc25a7043

SHA256
c939458f2836396ccbf8532b167c208ab5064118fa950a7533669a0974671bdf

SHA512
a28fd947b7f4377c597ad65bef0b2a9a5db3b03711f1174e711dca9eaca9a4120fd983cee7a8d6156b44e0cf2eea81f8e8f72c7d273d2c113982ce34c6ae6706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8c2a394c0c1538abdf51067d6f55dc8

SHA1
31a2373ec52afeed17d4c370e06fbde583ce9f19

SHA256
33863e0f846df9ccb6e161fe7c181dd0abd39224a1acbf7022ee74cfc419f076

SHA512
b161385da412ca01509f1ae8b4d4ff160a4087a595b6544ea2e865d44301b0bb4e1df8167c4f9f178b93319902bef72e9b24d8814a5a9c13c0590f7ce53436a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aafa11b9500d67dfab35f19e64bca810

SHA1
3efb2dfa312ee1becefe62957689d856d3342e0c

SHA256
864c3ad26435c072a9cb27dab46c8fa753943b2d59d71c5ab1b587612de0027c

SHA512
2b09b80b9d8383b9765d893fb21da7305cf2adf46c86383c5a6acbdd8e2bac6b40088a06b42286ab9d642d97017a1fe007cb8ce81fe34c41e515a276696e9077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4af35053875799cd573300a326a7229b

SHA1
2bde5205e841b4189b135693bd105fa129939518

SHA256
e5c2103da0799dc7c070ffcf9137d3d86218c47cce2926af2c2e8a26c1d1936b

SHA512
4626269e56cdf9ce7024a13ec166ffb4ca5d39dad491c4e5711059d1bcf9f63ece707b332d205bb6233bd50ccb3297067438981fac483c966dfd45e5210b28e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5da586783519c378dd195f852073c8e

SHA1
c5e8891f921ee59f5c2d30de8610921cd69422ae

SHA256
a7baa7c39f2c367642f7b7f9a2ff685aec414cfbdefd8638be4b2785fddf6e72

SHA512
d836af78d32506a9ef474ce13e580c6c46a9dbc9057ba34de7d65520439eae978c5221dfddb3b4d8db51b433965a95fa661ae8d0f531a30240f7db77c75abbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
480B

MD5
0718918ce155762f061d29f08ab108fb

SHA1
51347f1f2b919969fb473e74c71b890f69d77408

SHA256
07fa7a7e04004971b9ab93ef1b1655b2923906ab89d5127327f9784ebb60d20c

SHA512
f6afe4ef016cfb65baf63991e52467e5e6125dbf79684d0394b714706eea697c14a258d3e2b5513a37334599ae64c9e2297bf0c8cab3ae3bd3577cff7892a119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13383352651377081

Filesize
16KB

MD5
f1df224407b46bb72a85ba44727bae46

SHA1
bb61df27757cfdce91635081747190b38f0ad046

SHA256
f51c7080419ef77e9c405c474a6e183bee430e348afc51cfd0c247241f58bb1e

SHA512
5ab307c364711816a87067812e56920d3747accc4e0b026a067df2c6d7d7fb1be311f6f96daf7ef6ae7e27c53c8b1f7c90411fc71277048b73268ea88fd99382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
f80b69127e3cfd1b0b3f33d417c486f1

SHA1
579cee5d55003a10c33c17cfbdbe72f6103922ff

SHA256
42d930f76763f72ba68b73777f82adcd458504911e88bc42edbcbc9924d9fd78

SHA512
c42680e54eaf2561a08dd97e2c8d5b1e5dc5059fd6460807022b39e35d6e01b63cfd695640fe26b62ca921592ac4d046d8867ce9cb170749a83db5159b2a4b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
be3a83d1a1f5943e961c25db14a29e71

SHA1
ffc792d0241baa4fe470af637ea85639bb0fd5ca

SHA256
ef689f58cb5ee8f228186519483f335ba7c61c39113c8a5ef71b1a3df972e89c

SHA512
70b79c7452ad8379eb163d79e0c3af19f3e7e4480d3aaba47e79eaca72f3897884782b96d581ba11a28133c4601c670429f9551642f117dba0c6d6dc144065da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
14e8d8c56898fe60524e259d81ac8625

SHA1
cfb09dc30c2eff0bd9f24b2a7b5beab2c7d10841

SHA256
bb74b0b34e81c7ccdf34e35b8a45324bb5e360ca3e5acc1856d2b00b883afdfa

SHA512
1943891a50ddbb3980065db7f2433eccafdbb5bf91af1b1c2d2f6d8cbf9f06363b4862e95a939465119d553b2f28f80b4523d4e1ec713d41e5713236250d6b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f511ecb8a086b241fcb85b7f5905ab05

SHA1
147526435f6941ee851360862771a04e5bdda252

SHA256
fac17c7760f09ddc791c863dda2f73e17f9ec16c044fd9a03464eb96eaae7785

SHA512
0e5662112eb3a60974a9fb0f34eee5440f078f3ed192534ccb879d9bc8fe68d463f89ec2c03b046b5f5870d7989122ff937bfc61b908de0b0c621e688c6633f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9fa0fc6df1988d8ab6a23f6c651b2123

SHA1
81c3120f8ee8f8a11190346a8955698322ead2d2

SHA256
7fda2fb18b85402daa844e0e751e5a2d7bbae711846e9e1e0d1ea04772764b59

SHA512
899075c99b668cd913f42bcae59af9a358baf7709b644c76e8082fc4ad67edce09db4268c7a0bbd162803c7993c053882b5c6d46524a64ba9e141a2c44b215ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cdf3b2963a457af19ff52fdb75fcb5b4

SHA1
75d1e0174655048cae34550d29a568b9f9e96aa5

SHA256
98d690e5f3adfccd92abf2164104519dca356fc14142841455c9b15e7e892555

SHA512
aa8bb49efc329c44631cfdd823f337435d7544a30d54485a514f5e06fd2445cbefff9b27fa3b16fdf12f149889ef99a526e9d8ce307f64b39578d493c962a3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1bf11e70fd631eda544cbec579686a8d

SHA1
a8f7137f0002ee0712784ee6600c02a32e080e58

SHA256
e03737080cc3fb1b516b3abef21b631478e50439826295b01718d83431e021d6

SHA512
57103e87f6ea7711b7cae9f6e08ddcf7cfbbb31686295b8af49e3bfaa19c6ecc5e79e85de780003be438571bf81e2e37f173c4e93b8dc7a776f49057bed967d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89b2324d17215a7cec64f718362c5648

SHA1
66ec83eef31314a299664cb6695e4d2cdb70063e

SHA256
d201749e410a09035a3f8436a9a18ac02708a8e40b580edd1c66fb2a669cedc0

SHA512
33dcedd299f3d275709e1df873b952bbb0e53d2c6517197655e92c6a99aba26a631f98be7c89cd396cc7ba9f1bfb7d063ee90262075310f3be44903bac8018d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75cb15fc695a3dced06d7bd3fceaaed7

SHA1
55f41be925946e8c775d8d3b079ddcf4521c0780

SHA256
18ddc702dfcc7ad2ab8adde4bf9de2ce3312f4b116b4974ef2ade0a85691b35b

SHA512
113f21aaf8b696cbdb3401f69b6db25889e393611910eb3d4f2f2b961a7616acd3596135f2c03ddc7d377bd219a6c29b61be29fd4ed3532d97ec9f781b55747e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8d5471de35f6dca9d650349717ea2997

SHA1
2fcbbfd2735f18f5940badfe72fc69892e3a35ca

SHA256
c7fba12c1bc4285a6c511fbc5ead754873109065d6d8a20d927e4ed3fbc924a6

SHA512
016eab9906ebac93feb375be6b9b6a18fa88214605b9196cc5b464e685d34e61c9201788bdfc353e7e332d42ca1be36c60ad995877355d8969e7848026e62187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f2a176ee46cf5235c484014f2e5c7eac

SHA1
ae7eef09d65c2d1599cd3bd59216532dda93458e

SHA256
e9943fce180ec60ab1fbdbc9a8bc20fe650946e5cc9f03712bec67a05ac4b5a1

SHA512
f89a37f07b0b45acbbde56d6804f7020eaad685357b01bc51131c2687c3dab28adb56131da1d903cfe305f9675d65e37e317e5aac81c199380c0974a0e2b7303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c549dbd63b10bf3b9a7faf79cf94a2d2

SHA1
4b87f68f106cb02766a255780cf64da4bb6fbe86

SHA256
1548db13d0570f0dd0bfc0cd1120fa0033d75c4c7d3ae71fd5026c4f75494380

SHA512
ed97fd7d9874f628466576952df5afe9fbc238fc38d9f6d088d03ffe7491ec111c2709179cca66e2faa5d5d038f5979487a47f265b0c68b22f5d4669dad60068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbe011cc28e6a0871e70abbf11aff2bd

SHA1
9cbd82624e4e7ab45ebef68bab7df909ac1be395

SHA256
2ac270296fff50d104220796bcbfddcb622dda08a7ed9f6040328772834dfd43

SHA512
5248e09a321675433e8f6258af73ff991e1de097134ae4cf58b8e9c3ca4d7b239e498b3682446fa0fe297f18d6f3285b02de42347733391572665bea3a21ed74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e721ceb985ee65ff7a6b19ff0c7a2ad0

SHA1
9fb592e40c2f806abd948bfbbddafd596d8c00cf

SHA256
dabc963b59d8ef4044198016e4f6dd7357094fbf8d84257683f2b676fc001f2b

SHA512
9d1e654f6714292bde17690b4dc3ff13863b29e40712db8de81a610e6b97a3fd5f4416465f37eec31d12537e53d3d1726cee40208f6c399ff3e7b75f7a3cfd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
74d8e186d39510cd4c37a6dc1c73e946

SHA1
5fc01665791d5d9009daf30074f195c01b18d0fa

SHA256
036782e8168ed694343d1c39c2dfe7f8b435197209116e115c9a9925c0360f55

SHA512
72b5aef299530965466c370d9828de3c22aad78e89c64f995656d8a3cece9913c4ff9ec6693071369027c464191662aad87138818db27f8c490679f80682f414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fbfd0144f41b0c8394920668358656bc

SHA1
ef4e8c38139e8ce1231dcd597d44753fe0bbf892

SHA256
4db7c03dcc50fa9113927b676902c894e40d36e1592ff01143f7076fefd4ecbf

SHA512
6d174f4290309c691370de31e3dc60d090b1ae2fd7bd33c66bd38bd0825c8754d20e58a87f7ba3709811faed0c2e16daf2ba039bed5ae31e61dd39a0b9ec1715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d8120df1eee8a28653fe0f872d24542f

SHA1
34554d4bb0423547726781620c24ed3ca0a43c5f

SHA256
1773fd37c2e19d51dda213e0f28780af64cb71b37a91ec5e6185d7928bb9fca1

SHA512
80b7de1ab6f7cef620b0764a3271f6dc3af9eeca51ae62385573021171abfcc3c9515d53fd504e5fcd1d1606b7151482c8af3d439b49a0751bf74e32479a7bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f17386526d8bd83f776e1d0cb4be34ed

SHA1
5ceb4c0d2bc7ef6c275e8bcc7512ae41625d6c8b

SHA256
d37bdc4245b13f5a31f5c087d61e8f097c1b77bccc8beaa4c4baec1cf0b23189

SHA512
3b5b4b774dae82bd5bfe3b1ae0c81ac7f7c84cfc83b674e892b190a94a9a5e8ade0ae61546de76929acbf80689490daad21f85386ccffae995366fe2c94adcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a991ceaa5232c881530407d9abb1c2d4

SHA1
387ca2bada822dfbe24e827ddda4b1f6329a6b29

SHA256
27756238d3a140b5268d5d682955642f77c1054a0003d407aea318918debf06b

SHA512
7c433a45315f3466e4ece65ed6c761abd52f4b5eae6709454a29d2b8037604048877dfea72236c1edadbb2c0a897ddb3fc2ac12173534d6fc1aec45b7d4b32a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84aab7db0da24afdaeccb326398a24ba

SHA1
c79c49ee5bd34ded5b672c69752427860be75ece

SHA256
10788f3da3c141704d1ba6105e47eb0111f83219d09f21d00788a7777a938fc3

SHA512
37ca8a0e920ff6883bf2932fe0efe3ccdab4db27afe517d2c4fb1875108df094320636491143e5f9422720c95a66ff1c2a248ccc323a05fb50cbbd57686f4abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f29ec9e1e2b3476b8cf84ad33f7096ba

SHA1
845de33f225cee9ec4d15e39fa49908dfb87e868

SHA256
bbcb137871b5d84f9152073a955c73cff960f8ad4dd4e95c121b5fd39c9c2bdd

SHA512
d44afe35d62884e7f708c5fca92fee5469aa42731f0a0c73d294fb26fee82daa1521da1943bab93dda1ae582ccde7a8f2cf5e8023ab7c33e2c39fcc26bcc9ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
86cba5560a278f37595f964c788b2325

SHA1
5a6c11076d46260340bd7936793387d588385269

SHA256
ccd7d90c1460b2211c9facba5fab33febd91b63373653cfccf9ecaa77ab51171

SHA512
23749c52dbdf1d4a035c0c1b8f841fac390b69b7e24a4ef68a76720fa3ae23583a8c482f9d0476beff75bd94d8359d31dd49096467dfa0e6852007296e897d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
60208272273601a3e4b0ee04d2fb76e9

SHA1
4628bbe8665cad19db4142373033a8a9b3ce96da

SHA256
009319d629f493fce4fea1eab3af34741015a0633aa9cbe54cfb774b0e0577fc

SHA512
54712b12b6e529fd6f644543196730a5db8d63c17137140bccae99baeabdb73b4d478d8405cc09cc8caa35b7ee9ac5c860bad594e3a4a270092cbf7b8a94a377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cc2e11e89e09ae6635b2fd446a9bee43

SHA1
3ec46b2ac21fb2b5fb14d482924e9fa4816e0493

SHA256
6b4db51cc930eccf1f5d624f0b1cd98ec0b40540cf1a224f619f4be7c0048a88

SHA512
510007fcf0ccaa0c0a7f0ea694234c707e09e17add7bf56cd7ae474d4e4fef47f28e2fdd733887be4180ef1ee30e0e045ad7784ebf159454e45c23edc2f06d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b86c30977a4d5b3aeb0c639834e16939

SHA1
783d1256ab8800464602dc8db23a430070106254

SHA256
a8fb6e9a9c14cdd837f6059f9a2ec27ebd73e6106d7aaf2ce9b3abd02ba876fd

SHA512
af69fdc8a653b71e47fd17cd3de6a35481061ab5296fcdb3a2d087696d61be65e8c672632a40bec672113b8a6af29373db01f0cf43b9422fcb3764508da3878e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bb998.TMP

Filesize
538B

MD5
13b08129caf1763a373ce6a76c37dcca

SHA1
16dd395993cf77d66fbc64e62b30055c9d1e75f2

SHA256
372e2c8f031c58306f51887131e4707c7290dca9da4a7e8ea1c165304d2584d1

SHA512
6bd8629cf1d9afee408c10e9e31952126da301944e02b58baddf0667b77132cbc3aec7fa173fe3d17964e5280b82dfc0f7b59df55c58c39ac432c192080babd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9fa0917fa109016312f655c4441d1143

SHA1
b917bcfbba29ed0f0f55c8cc879c83bac40cc568

SHA256
45e599bdae196bdb17ec3e30691b62dc2aac535fdca914724c637aa8507b5d53

SHA512
7ff4dd898aa7bfce700da272fef8ce2a8efccb2dd37762f88cb6ed7d2a9372eca223ad0b9fac070d80f4c6ac6f2c1b688e5b099ee9486df86c676b4b0ac49e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
d526253b7b05949f7b63c53c9c19a447

SHA1
596f17be9c4a9ac93c4f4aaf678d0cef9ccaf0bb

SHA256
670c62dc9c4a0ce94f217372e9d771b805321858d498671cb2e170266751d76d

SHA512
e1ad693871ef2443f475dd55d8db3edc1be94f5dc138f59813a7a17b48bccfda14686ce16a2fbc58eab890bd5379523281667f9539fadc1e97fd13f4e4cf8c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.2MB

MD5
6239e85fa619cfb168d6239cc48497f4

SHA1
bfd27159ba0c1fc3813fa9a632387a930cc2b0af

SHA256
5053b41a32885348b23d515124d831150495de6c0e08c2eb408235bb377c5803

SHA512
25d68c53ce00eae18070d046b9a6215d5bb2f3b3f9527359f7cf6b45d59d76adf56566394a85def92da0addfe93e8c9e57795c262e93604552c6df5d7bf14e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
830c47e7f21fa022694fdfffe7b18825

SHA1
35ca10a4420565a35897912cc6a2698ebaa37fa6

SHA256
b2d2e272dab34698cc3867a3758fd3010c8946e67a74dd407d65989113268e78

SHA512
b46c9c6347bb613e53bea889ebe357116015565c5c1ce7d1658d235b6f0d0ca95c2740757cd0b8cfa8aad9acee4d783af8699ce0278df141874b914d8a5bb2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
83c830bfe49f810355edc591dc5a8434

SHA1
889909beadec7073762d0333998e3495ec578fa8

SHA256
ebdfb316fef36a540d008185070c81602e497c6bceccea82a69d035b676f1277

SHA512
ceddab69accdfdcd4933bfb05bd755c9cbfd23a6e66e9084792a390719796e6c657fcaa655151655d1f531804397423dabb1e4b5d9c5c7fbaf039a957a20ec2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bd426824ec8fa9a90328055218061073

SHA1
6424ad528df45cd2c1140cddfc09446eb4b89b8e

SHA256
1bcba5917472994dbd46526ca9e0353dc31190159b493a2f1b24a84a07c31329

SHA512
1a10b4c7dd85b079e293fd287a36137be7a504a70c76842e9f744a134b2c0e4e6d90fd085d478ce3a3f4fa6b231c26476d00803b60e369a3cce4f6af777cd9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dbb518331c6dee177984553357d376fb

SHA1
81c33cba64142f135e267e8d6413aef4e01d8919

SHA256
70b3d596494b3239f4f18318d75d36f10015f23a552e6e4020dc15226f9d6911

SHA512
669280c0cc2b679ddf0cd431e0aabd82e77354b8b7b191f646be9d9acbc9c18301eeb3fa79c7ed1d4e2e53beb660d546b1be26f60a253fed1ee4ea32bdc3efd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
befdd1ef20ce4599351e05365e3a1a04

SHA1
67dcd3f59b2cdc0d808a8de18b9ba5b9f6f8e1b5

SHA256
e5505c64ffad2da3eeafbc01420945fe8e5e28c7d283a6ffb8beccef726773f1

SHA512
1352c66930361ab81b4c50202164467a074fcc290dd370725ae1ce379d6289a002fefd0b022e68971b957a573e11d59c01dc655c965200a81d148ff23154c5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf4f114cc5c2eb5acec4cc7d253a3d77

SHA1
38a9afc19a4158e9d6bef111a20fc718538be61f

SHA256
bac0fbdef955b1ddb16aeb7b5962736421a815a54dd2f1b351ae35ae65982437

SHA512
2d02ba946badc00312df90747ff1458823904a600d31020d615a554cdb2e03b93235003dc45b96fdd47e3f77c47ed52f6dda9fde6107a36846c856d0dc598b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f496c52d219d3d8e0445f286c8b69a80

SHA1
ca370a8a602348b47e158dc1b6b8e05087ed224e

SHA256
488764d6196f58798fcda731f53fd3c91f04cbab98bdeca1b2546156422c5af0

SHA512
f684dd79a60ff9a652c0e94fa27b4af632186f9a6976bbb282a8c857f274c29731cad0566af8e9145adc5687f1a648d0821ec6fd6e538fde5317b1bc34a6b59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ecc02bdbb00ac089dfb4dbccb0df514

SHA1
4937220cddb31938b4d85c8483abb714fedfb382

SHA256
e609aef25f9b0d23c32188a7ac430ffb82acca50845bf4ecddd10c8396213ec5

SHA512
efd59c0f204ffcf8e86b819e65eeb70ca7e40fdf5475a9ceff5dfb442d49fd993eb54ad83825c367670a2c6c9eddd9bbeac23b341e22b7976e7520c678fe4369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e3822e64871af0b67243498cf1223000

SHA1
534653134b716e60a75d1e3fb9d2da954e215e00

SHA256
e52f2403afa96455dee8d00a86270c8c808dd4a2cbdc5a8b8b8eb2c953bfbdc8

SHA512
125490b6c1129fde00df9abb5df2f4527cd6b5c725ec136594491e0fbbb0b38ca97703849d003a66648f0d6fde6e81eca21a525dcde63eb7f4f2b41f188c3061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6263877c861ab9ed63f8653298875797

SHA1
84ef0d96425fbfda2706bdf73e9fdca058e4b7f7

SHA256
6c022bda1933dd9c4511958d908dc9d88d655f7c5d24f29b2372ff78149c6e08

SHA512
7ba3e12da9e5ddd54b2845d513e944af3a2a4f031b82c5d236adc1eb145372479de41bfa0ca4ae4973d9f232477734557f34321fcc0eaedea37710ac1bcca90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed05f7a019400e2233cfc0fdcf2b6e95

SHA1
2bd0c5d0e476ae983523e7d5b8a770a8d1f82972

SHA256
fa2e7fd411dd1a28375aa9d94e89bfb86e0d609d276a5e810de4e02ed9470dd1

SHA512
7469a44771447837b6a7c57d3190180f269d86634ed7688d3ad6b96332fc1af45b6b238987289a2361b3516eec7e5444d60ab5668f5348ecb0907d54b3cc745b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70e9d2f8b30c340b2fbd381112cbf1e3

SHA1
179f9aefa244dd5473b43703a238611f83d3abdd

SHA256
6d2cf3a57ba0e217e2ff150539e2237b05f0a284098f34f7979845b3e25c3c74

SHA512
113c7a0a37134d476799ed53a6d70ab935ad22c3494c87d41e5719bc4404b5958edd4d4b2686df2b9554aa69943cab23083fdfada0763ac931f2dc0693032f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
21b5c869b4ae175546b178c277975f12

SHA1
1d71aacbccd4825769c24019094995cc640741ef

SHA256
f30cc49ac7ed61af6d334a3eefc7677fa52ed9d438c4c4ca2ee5ba1d7747dc32

SHA512
b69524269c691f9af08db8ad8adc57e3bcf34cb408730e975cefd26c36c0ba787e678609673d25601d06e04193135fc1b107ec25cf6b9f49f3ed22d59b0bbc96

Download Submit
C:\Users\Admin\AppData\Local\Temp\OeIIwoUc.bat

Filesize
112B

MD5
bae1095f340720d965898063fede1273

SHA1
455d8a81818a7e82b1490c949b32fa7ff98d5210

SHA256
ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a

SHA512
4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.vbs

Filesize
19B

MD5
4afb5c4527091738faf9cd4addf9d34e

SHA1
170ba9d866894c1b109b62649b1893eb90350459

SHA256
59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc

SHA512
16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

Download Submit
C:\Users\Admin\Downloads\AQki.exe

Filesize
325KB

MD5
08b6e3236b2fba82653af231849fd3d2

SHA1
6d59e399dbae674a8a4c0bbbd985d09a9f91d2ec

SHA256
ae1aa13bdeccd3feedaa34664e68b3d4a2aca0479eb9dbdbaa6a6dc74edd1fc5

SHA512
47f20015a880a333a22ad80196828609584452e44e3215adc4a604063029343f3162d9839661a43e5b14223a16837cf3f3b450b667c003e1e1a4b98a36224d17

Download Submit
C:\Users\Admin\Downloads\AgIM.exe

Filesize
231KB

MD5
1b1bde9f3808f5805b8add19cd50ee66

SHA1
548991e9fc3e1497e02953209593541558ac267e

SHA256
c81a89ba870ed01d4435f51269acf3c3421fc2c923e1579c1f32c44802baa3d9

SHA512
43d63e1065751a8c346663e8b50d1df1fef8bd1f91dcc24c5ac4fce6e8e83fcae142aacbe1eb8ae901023c0f561b0e29ecf9d7daec5e17ccb2c3eeec99ca1865

Download Submit
C:\Users\Admin\Downloads\CEse.exe

Filesize
642KB

MD5
97344e0e38cc371d5b9dcd3052187a15

SHA1
d0b21c627b9a9d557c9dbe1cb6abbaec78c062a2

SHA256
55a7d7ce26b5158164c3b6f3c54bfcb8735378783e6f335795ca9ef56ae18c00

SHA512
471cf7d45e006cd821d6187dd18e7faf1028fe35178c4419c686fc51a2a30826f7770415c774e4c52fef990446b9c6d349ff408c165a3fbb40d649098c325de0

Download Submit
C:\Users\Admin\Downloads\EMcw.exe

Filesize
835KB

MD5
731d78179714339f330b9ad7659b1eef

SHA1
c1e6fee3feb02eb095f562f780b717b80927871f

SHA256
6cae620ce6c0f37c3aecf9904cf7e8e43b95f21e772029ff2bede50f86f44f53

SHA512
ad830e53d72545a5b191099cc11a98676c770a8c6526ed5fabef5fb3c26b979eb6079b8e3fcdefd70d36f2e855d8e5730e118c0f21429d8eca8bb90b62bab1db

Download Submit
C:\Users\Admin\Downloads\EYkc.exe

Filesize
195KB

MD5
89119e9983ea1109c07ddecb53dfb9c3

SHA1
6051f81bec352f0caddaaa70a62ac8c5c8aa411d

SHA256
207dae367f9d448d12ece7d2384583dd7cb18485620a0d7cf278e66f0feb5c67

SHA512
7743f4df55066844e0c40692ecfa53694043970db19ae6e6c8dfaf3587913ee4f521ebd8b865062c3cc422b9eecbb2d210b81747efee69dae8d634440da0fdcf

Download Submit
C:\Users\Admin\Downloads\EgkE.exe

Filesize
317KB

MD5
db3fccb0991847ae0c6c22853842d4a9

SHA1
ce56dde8005796cd5c3b39fc6a096f7d1909f35e

SHA256
155a21c1f760862da0ddcd80d0686c6a66c439a3deef35bcaec7a8f4cfd3eed4

SHA512
bc16e1eee685fd7d5dd78bcc7373e935db994d135b9e215af0bec251b0c58d6f6a07e4af65b319607829de6c2e6d211e547f53cc0abd459a05aeb23ca0b06a34

Download Submit
C:\Users\Admin\Downloads\KQMs.exe

Filesize
639KB

MD5
f9b8c621c466f9d62e2d8b292e44c707

SHA1
b5dfd812c8e09093cd0c421f52b8d0e90ce7d7da

SHA256
0e60de90b204e888a26989974d6d1147d6596834ec9ecb84f20a7501895d8d74

SHA512
1277ff29cba10bd73c1cd8ca8c9b148774cb389d2ff63e8403ca0a6156941d16315cfc6916bf0ba73f23798ae11e1e1c4c300357f863781c4886cb9d4c6f4550

Download Submit
C:\Users\Admin\Downloads\KYIS.exe

Filesize
193KB

MD5
75a4d9df05436397cc3d78a97e41882a

SHA1
7bf3a980779c59da4b9baa26eb5926738205b5cb

SHA256
061b68b188ac9690ff6592ee9c9f839bbc39f7dbf73ecf508030d84d576acd56

SHA512
369155f29220d3da8947dcf5fa61bd7ae1cda0439044d9f86945752b567b0efe29950f4167f8360e18e36edb322773472d3eaf726d65e603dac97573f2c7fe55

Download Submit
C:\Users\Admin\Downloads\KYUo.exe

Filesize
194KB

MD5
a1fff87c69ddf371e0b5e41fdc0313ce

SHA1
82ec5b37a38ff003d0b42efd0dd0532a73f7477c

SHA256
e63dd18af42003506f3cfca7d82e1ac64f418b886b4fb64f57868aff03e10435

SHA512
ae52b0f13347f99fe7642cd2909d410a9c3f9c53f591a6192d9a6fd9379cc8c04f0d95822d59fda00378f51cd4461b804a24c554de28c17f1fd8252a3665b282

Download Submit
C:\Users\Admin\Downloads\KwIS.exe

Filesize
190KB

MD5
95f6fe5e9c0a2a74224e37deffee2b5d

SHA1
cb7f45ba69eeb14cbf25776947d2c0bed0a93ed8

SHA256
88ebb4f2b6c8d630417ee257d4407ed6421dec78a70c502af067be8294ea02ba

SHA512
3cd2fc065953a6bc6e45f912a93fdbc2c08193b97aa776cd45be95798d0b66e09232cd1c3fe8eb6a1d52bd2257aef9507c72c3a5552db6354c731bd2de343f03

Download Submit
C:\Users\Admin\Downloads\MQUc.ico

Filesize
4KB

MD5
ee421bd295eb1a0d8c54f8586ccb18fa

SHA1
bc06850f3112289fce374241f7e9aff0a70ecb2f

SHA256
57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563

SHA512
dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897

Download Submit
C:\Users\Admin\Downloads\OQMU.exe

Filesize
268KB

MD5
52afe51fbf19ff1f0e1bd13a44db3a08

SHA1
a68277e1a5cc79005f6d8fa2bafa320fd84ed286

SHA256
093c24635c82b151514b6ff2e198627659448b477d160fb2031933edf01b18b8

SHA512
3b1b5a899f230f423d6edc3776f6e7215bf0d28bafc99eab6ff976d747ff0d99ab5d1437af054f04631e4fc3bd40b851c12fdf48be7974588046d5df8a56cf0f

Download Submit
C:\Users\Admin\Downloads\PolyRansom

Filesize
25KB

MD5
2fc0e096bf2f094cca883de93802abb6

SHA1
a4b51b3b4c645a8c082440a6abbc641c5d4ec986

SHA256
14695f6259685d72bf20db399b419153031fa35277727ab9b2259bf44a8f8ae3

SHA512
7418892efe2f3c2ff245c0b84708922a9374324116a525fa16f7c4bca03b267db123ad7757acf8e0ba15d4ea623908d6a14424088a542125c7a6394970dd8978

Download Submit
C:\Users\Admin\Downloads\Qkcs.exe

Filesize
788KB

MD5
65652e56d62f916a2a5378d0e1c9624b

SHA1
5ce76129457803aa326dbab70b9b4186a30fc412

SHA256
c02e2be7169cf229a035add44a0f8375ccf470010a81452c833352adbcc59270

SHA512
c1d61f00314a19ed56b846aa574ecc004cc21cdeb12c4362162e27c64fb75be2b8abd8c7e4d9f24141297f6fe0ec375f38f0153190fc9c1e9ac50712285e5a58

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 185528.crdownload

Filesize
220KB

MD5
3ed3fb296a477156bc51aba43d825fc0

SHA1
9caa5c658b1a88fee149893d3a00b34a8bb8a1a6

SHA256
1898f2cae1e3824cb0f7fd5368171a33aba179e63501e480b4da9ea05ebf0423

SHA512
dc3d6e409cee4d54f48d1a25912243d07e2f800578c8e0e348ce515a047ecf5fa3089b46284e0956bbced345957a000eecdc082e6f3060971759d70a14c1c97e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 396166.crdownload

Filesize
431KB

MD5
fbbdc39af1139aebba4da004475e8839

SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0

SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 818278.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 818278.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 823314.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Uoou.exe

Filesize
232KB

MD5
05dec5d4f014ac4ed27291561088995a

SHA1
fd4ebd4d92b70a617dfab139eaec230ec4e9bbe7

SHA256
40a3f5bee3a458165da5f51ab777ba0ff9b183c7ff0c0cdd76539f180b8744a6

SHA512
a99243c293d461345f9598acbf2d5cbee096396aec1563cc143a2fc9e5843245161e35750113c929e75cdb5fb29f6dbb52a044d340c2d420b4f63e1956ce43e0

Download Submit
C:\Users\Admin\Downloads\UsMk.exe

Filesize
199KB

MD5
2bf966b098da9a15b829baf846739803

SHA1
27e98f71ecf52e33c0280e1770dbb3b60737f5bb

SHA256
d6f029066b3d0463a04c8dfcbff89e437ee4c2855b0aa5622d1b262db3666116

SHA512
83886a5934d571d73f72570725ce02d5fe33ed4be940e8b8b73e4a91b7fa03bef31938f69e441e2ce1a63cae8b14cc80cc6c8b098bd1e846d59b714bdf572707

Download Submit
C:\Users\Admin\Downloads\WcwQ.exe

Filesize
202KB

MD5
e8d238ec8a24a1abefca9b319bff1ea4

SHA1
f44affc11b9b78337f13fe0705a11e2f5c819399

SHA256
5775c76872f48d4361a531417f8166c4b8baa430308fff5248234d80dfb97462

SHA512
07641987f663ae6014ed946dcce5ac9f6f9565fe7211c57122937a4eb6874423ebf2b8d8b2d452f4c3fee8803ab518f8a857a40f4538480015c3ec6c55610b98

Download Submit
C:\Users\Admin\Downloads\WkYS.exe

Filesize
803KB

MD5
9dd63895e22d2bece5511bef2f99df0d

SHA1
ac024812ca3179a516f35e4382a62c1192db3c90

SHA256
df6628262f451847ac48b8b56a23d8ca4a7c7f3d575219986c987ddd3579bdfb

SHA512
3cb2a9f2be041962b3657ead822342815003ff96ed078ccba3f18b9eec6ee62e06f993387a48f6bc078a44dd21cbb6d626c99a0f73796ef178c1dc26cfab5878

Download Submit
C:\Users\Admin\Downloads\Wkok.exe

Filesize
190KB

MD5
b74c28964a1fef7e6da5024bdcb72b38

SHA1
05a2a01112e87d476ba680c9c7f245e3d101ac9d

SHA256
427b1f7c844ca2db1e7de810c3eafb66a6c82eae06c3e01ead58427ae38b6716

SHA512
9ed39298147dd50437d39d905cfe1a7dfbe590f43e02e564e06c6252fcb91a522648dc7c929d07c1cbaca87b859455208f9331e9e963f18f1ad25d587df9eb09

Download Submit
C:\Users\Admin\Downloads\YEIY.exe

Filesize
216KB

MD5
625c3666239505ef9e9db6e2c7425524

SHA1
8e6f2e5574f7921abeba6c4b08e0f24aafd1c80c

SHA256
5a65b2904c1fc4081275f67cdadbdf7e0edc6f329f4e684a38157a7ef370ca1f

SHA512
a6019f2b07f27da2e28650412c3a29a3fe5ebd1af5b6092c1ea9dae19599338055bdd91916c7ea3697c05a8a6d88208093a146280021bb9117639a49da109e86

Download Submit
C:\Users\Admin\Downloads\YIcS.exe

Filesize
184KB

MD5
833ed41c197243985f87c23b08d5d7fc

SHA1
bc5ddba7b5bc55b39095984094e20b98c8eb6bd1

SHA256
5bf5edd4820236e9af56d0bc296766a251ce4b44c78bcf375082171efd1e2dfb

SHA512
f8d79db2db80e59cf054b44965dcdbf3b533984bdaa81a7ba947e35575021978e67af8bd92773a38079e679bea91389aa07c74b6b2bf3c2fb5a05cb4eb2c954f

Download Submit
C:\Users\Admin\Downloads\YUQU.exe

Filesize
210KB

MD5
5331f6358202a0054ff1d978dd71438a

SHA1
4efb1ca5cee6230c833293e557545931df4b9c8d

SHA256
ed21bd2cf59684cf95f6431813e8c732a54fb306c893543f9ff1e201d76a2f53

SHA512
c3b2e5d5c274ab66d6222a68166a689474c5b10947d26d686a695ee198a8f6f20533c2c19e3908a0d16d75c9f2cf987a748449d31d9e8cd2e7498bc62ae5cf34

Download Submit
C:\Users\Admin\Downloads\ZOD-master.zip

Filesize
41KB

MD5
ae6438a5a41352e5b7b37918259bea69

SHA1
684f4e642980875422c1e666ee349d9aee5c337f

SHA256
d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

SHA512
28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784

Download Submit
C:\Users\Admin\Downloads\aMwC.exe

Filesize
201KB

MD5
b5e4971fefc915f642304a520a4d4ad3

SHA1
2be8e1c0da052e068c94704e53b31eaa9855656a

SHA256
5e4daa50ddbf52a88d524a38ac3b84837b4157eedfdcdbe29828ce5b3fbe10c8

SHA512
9e0c063c6ba019386f5de9c4313105c452a1b9e2f53dc0861ce6964f57c39e4e4ac5374f62553ab170f7abec00f4d54163fb929dca26944e571561bdf652e4f5

Download Submit
C:\Users\Admin\Downloads\cEcu.exe

Filesize
651KB

MD5
88d872fd97e8ac731d5d3784c5a53f40

SHA1
2344a0144cbe8401cd44d3e00ee16b5a441e14fe

SHA256
add3a7224d8852e10c4f7c802ed885341541460bd7a3d02b866d20ddf17e4ac8

SHA512
b264c51e3ea5f76c27753265a0d3a67463fcefb8903c3e8aa06c510b95f18526a5467db578cae074f2e2ffe223791a7fc0f23a548e5067910c85e952c1f6bb25

Download Submit
C:\Users\Admin\Downloads\eggo.exe

Filesize
192KB

MD5
6533a73b3ad88a4f5b4056568b9dcef4

SHA1
ee046397116bc52911a37865d9748061fa61defc

SHA256
147755663e1d7fea34c0e9dafc44f21b1257e3fd16048f47c0a60586978d41aa

SHA512
593e81835c779c60f747ce05d93164e472a3f27a0b26aadf9ceafa1e26df52a3a83146a828f2750fb41845b4542ddefe4f66455e8738871ef8c58bb5e462b807

Download Submit
C:\Users\Admin\Downloads\goUc.exe

Filesize
774KB

MD5
02e9284fc8a46d33d147052032dcf3de

SHA1
4add772772a45ba19fc6a4b50988fb46f73c53b2

SHA256
8164ac724752ef73b3617225d31514a7cd514cb8be3b5289d477c441098fcb7a

SHA512
d52d3b0ced732b19cf79e1434a6d9b8f7fcf8965a125e6b5639ee81e826ac62b7bbc2e335f06ea6f1e589d2e1fb77ca9308aaccfc29a2a6d94369fd8940bfcd6

Download Submit
C:\Users\Admin\Downloads\iYUy.exe

Filesize
636KB

MD5
4b86838028c5452024c5519a1ec8924b

SHA1
7d9173277fc8af8cba617c7757a92cd1abf8df9b

SHA256
d9578d3f650c951e3ef04c6621de016b72e733cd4d67253fdfe9b601cc4f4be8

SHA512
4bde0d654acc20b7c0904b26f89dc3ec18df2a8dda635739910d107038cbdcb11dbad14793b2564d3a30102faf191f9b296f51ede4f082618fcc2c6db0d61a2d

Download Submit
C:\Users\Admin\Downloads\mUIg.exe

Filesize
219KB

MD5
a28e5d29d929c33ccbfda8c436af23b1

SHA1
dc8de166b2852a33ff27a04d21b139e412965b3e

SHA256
a3a87c3fa529802cd68f23b5bf8ecf4ddd82110b33765ec0b8afe499eef1e8d0

SHA512
8319487a94503e74d79e220d7c61bff060de891b18c7e27c470a1aafec9b824b86108d56cc68ac8b88b68d49012e33b68d5161bab02f17a0e306f03e69bf55bc

Download Submit
C:\Users\Admin\Downloads\sUEE.exe

Filesize
826KB

MD5
4529a7ed38de7b0645284d56dd85a2ff

SHA1
50e84c337eef393b9ae1907f18b05975b858f36c

SHA256
0cf89374f9b522cca69d9bf6d4f61ebabd8d010072bc0e10503610d5401e7c9f

SHA512
1f3a0c670b755dcf7dda7b48e5615e7ed48dd257b0d054e15b4d35da1460734334793fa1975d131ce52460a63202269d0b95986dbccf7a6084ce61f80780da9c

Download Submit
C:\Users\Admin\Downloads\soQq.exe

Filesize
800KB

MD5
adfe191391269b408fee4a402131f68e

SHA1
3a59f92748c00fc46e94a2d4f58231d062127dd7

SHA256
a966f9796559f6965ddf5d648e84e5e2b762be9186c6a88365fc78c6c706ca69

SHA512
c9d1c7fee9b5aee9c57d068070da81f1fb981ef4a4fe015365ea03d47a1e8d93eb44fa467c22ea6eb134d3d565f1aabc5c0045c4eb17e5a528cc1a3edfeb5a07

Download Submit
C:\Users\Admin\Downloads\uAoi.ico

Filesize
4KB

MD5
ac4b56cc5c5e71c3bb226181418fd891

SHA1
e62149df7a7d31a7777cae68822e4d0eaba2199d

SHA256
701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3

SHA512
a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

Download Submit
C:\Users\Admin\Downloads\wcIy.exe

Filesize
240KB

MD5
7528612422771ff6b4d8561f54bdb537

SHA1
18b4ede1f2aff91387f7b7649da813a8e1dcfd9f

SHA256
5fedde5d2b65f8e094867ab37f9ca5e0157278ba31a2f5e82fc82749b85498f1

SHA512
1bc74a79428e18b1a34e02b38d1306c79802ebd05b699b3f339a3fc5c81b56046d59e2335465740b6af4499710958cf9b89926192c7bc1a7e540a81951f52ad9

Download Submit
C:\Users\Admin\Downloads\wcMA.exe

Filesize
807KB

MD5
3386569519b9a861e30d93cde37b55db

SHA1
38832e58ed7488d98c8ca2d3bb004cd60ad97e7c

SHA256
41c23d259bcdce831ec133887ee48e44c8303f6453aa28079be9946478772414

SHA512
9cb5d5cabd79e230cf863e66fd1ca182663fc88d9eccbf92905136082ed63845cf4081f1c46f1291dacddfa2aa1ed27919bd2338267216f33a0ed735eaf25677

Download Submit
C:\Users\Admin\Downloads\yUEi.exe

Filesize
637KB

MD5
6dcf3862c4f9b7d05dbcae5f3617f4ef

SHA1
6f66c9ed02abc4a5f8f018b637eb49a1c43a4561

SHA256
b8ff42e90bedce96910f56f3094c41ba0b0af60efdd2adaf389a780d4e4aca53

SHA512
d57d0a6f3437072391d602d0da129fbf62a52ff7a75a792c36b2f091d3ac1076cd3c0e00b4e972b9572c261c90025477709cf60e3ac97e7fdee7f67e53b9128d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
7657a2f57de741520f8f83431edfeaf4

SHA1
f6cb4500ebf8814c1dfefc2687ebd66b2281a79a

SHA256
ff602b0c057fd9f3ec73078122ad67d57ca00d576051253ae8398ba5c786cd0b

SHA512
d39d2b9b19235bf92d5dc1662734ced22c1d283c235bee7a4144ffd144f97335f6545a3353bc4ab932143d3b51d32fa85caf345af9d84451440f846ef1317b88

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f895610da3af8c882564e132fb70e32a

SHA1
a2e16403cf2b67a329fcbf73cf42eaa41bab7863

SHA256
2532e60ee3c501f9a044bf04561c9356faa2b1f7d319ff314fb44574d8d22c2f

SHA512
42b67bbe90b6fb1d190805a6abc138251a482f1f8aeb3494cd55af80ec26b1db034e38ad9516580328307a18f61af0c1b8f80de306fb49e22443e9c2768d261c

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
bfbd8541b276faf02f52eac6d6ffa436

SHA1
923ab5b872198e5cf95a008fa417ac1edaddeafb

SHA256
7c20658cfaa07296d35322ad6e3711f51e633087ce9a629f4fe148d5f55b4364

SHA512
7512f1b3aaf29ac8fd424f3127c9936f0369103e08b9e8b2358586ebe96f5afebea74b6bbee27435d1b549621ddd23b64fabe4eca76a92c9da2542a219da6db6

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ba37b6b2f632e04f311cb8a013450ec0

SHA1
0895028044e8fc339d27b10e156e3ba07f91359c

SHA256
2d038a4e40c5ac933550ffd89fca969c5da01c427b542738b43bd92a086cb69e

SHA512
16db518247c6aeb80ed4cf1d2bca51f8337964928d9bfa3314a694ba6eb9ab343c843dabe6359f2c2d7ca6f54479e481aed2e735bcaafbcc5b0544610b79132f

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b875de6bb2925f12faacb7c8d5e0abbd

SHA1
4ebd50e04c4b9bfa66277323a2ff3ef31c8954f8

SHA256
b4cc93ab7029481689a797dde1984c170aebd68415e260e1986ee3f87cc57f81

SHA512
46a77dd17314d908864c91aa192824f3c4ff00afffebf708e276fb69c543ac00957c3f49161441467f4efe58b2055bf7b24719a39032be6345d3a4fa3e61678d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
5a4fc9f9eedd0f2e28a0d8ee08ce9195

SHA1
7220fc14e66ea4d2e19f3462ff6b565148f6cc00

SHA256
3facb45737ba3bd787162c85cf6e6d27676f4c6cb85dfdd9ca0d55e4f59cd2e7

SHA512
70aad65e1142c76f54bf34494dcbb268ffd255cfe28abb854c2331230c649b435454d8f8a0900207996025feb8c76f8c6b4cd164a3b472903d054762040bab06

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
0e1529fb01ea011d767682728521234a

SHA1
e42396c6dfcddf20ffe7a1c97eafc32babf6a62d

SHA256
f225803db00fdd68972e0f6c067bc1d09accf6eab7f145e3f974b323d7db97fe

SHA512
28538d726cc966277f1a33b609b171860d4a58636b55530dd705bfeab90beaf3c9926c41758d6c81788380a0cd35b6cbdbf334b4764708ba007f11ddc2ab77e9

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
1fc0c756e1113542d93cd565a1572ce7

SHA1
dd5acd93bd420af47c0875bfc5dedc12aeab7680

SHA256
4e6b3261d4f8031d45fea750977de084e50c551983fb82619cdaf62a4a81b59b

SHA512
ec6fcc4edf28a3951704a5d58634eada93b79828ddf3a367eaa53db7a4af7c06ac751312214607a17dacccbe3259be78bfb2c524271146065edbc73c77af9715

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
630bca5395d71743eccfb4e6fb40eb7b

SHA1
8e59183ef21008ee8cd1b69017e5616aaa9de051

SHA256
7b292850fc11fa72395cb63df6e5b4eea100cbf2e35d6274b0e162623f2c84b1

SHA512
f38f8417a1468bf1407faecdcc659637005a4be605bbdfd3719dfb41c77bc7ebec98668f8e74504f27630688a89598ea43983979ae07b6f9b092ac90c30792aa

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ea5d63a84d22688fbbd465c43df83313

SHA1
47df5295ce88927e3d8055b33313d8df2cf44ec1

SHA256
a21d1e078a7422cb9476d03686ae56b69ccf5f8069cc9f0b951f74e716b94dd4

SHA512
86c7dac9463df0df571eee19f233b606598b39422bca680247c360b48d95bc7ed93fa4f8139c8a02092a72b35c1e60ec6f89e9734bd441498791fb39d548f3a2

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
d7e27b1d746d6db252af4ec5e664f012

SHA1
be69f8e9e6dcc4b6257a436993511288e3978f5b

SHA256
69c9e1169e39695a4e32b2af4abe6867d73ad4092d15b646a8cb3b7bf9823b71

SHA512
42b9499380e6423e42055bdc0943ff6b4c3f62372980f8c9e48364ebe11e5b5ea7546c12a7059b6312e9fb2aea5d52795e66f34f63bf2b677ad87a5e47b15cfd

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ef4dcdc6f1789853cce182c962742155

SHA1
7bb1fda5d7826703950b09c963991767e7d1022c

SHA256
1413b0336ef9a5c2f900764252c8fb86b433eaa71826a2a36178881a37c1a571

SHA512
3765986a3ef77a5026cf85175af567a22806f0c0baf42b313a8b4510420a1cd239cc28184466201ed34356510487c2ddb714ac6d893a3547840ed22e98592ab7

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ce4d8b404dca085c8563a30df8d799b1

SHA1
db7edfae6683eff4be678e4cc5eb99120e50a69a

SHA256
8817fefb1c5461be0ea19e41b3ebd3b80c69dcd8e411b2149a0d677bbdaa21ea

SHA512
b8c84452965b38c45a53b366f472acef0fa9932101294b3c9fa122ce91187cf39e3ec0ddb95a5b04e7251fd29b55bacc69f484144bd3ec2620d89d93b5e5ac9a

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
dd280a29bb03155d80ff1168a140767c

SHA1
405b680c33672f184d5a5a31826890d492242b28

SHA256
ecf6d08ea900acc81413a64831a212ac11042eae287011452a2a0f8a559543f9

SHA512
dcd933904797326c766c38ac46ed2b24c0b386e5d1e37e64bdf83f77b4bdd1a02562c344b6fb6a2e6db8696764273ab4011cacd2ee8a92dcb88819510c22d28b

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
cafee392c7c9ed1f16a709757408293b

SHA1
099d4d7b6ec014376c12744d4f84cb2e0839b50b

SHA256
9c63365e33185b3911a1d7a449ccdc6604df563c25e1065932e8c09764f4adc7

SHA512
f4b627b92f033ef888e4ddb2445a80abb1be8a3faea5e2ebf64f48fc723543f6f823b707a1683eb799fc324df0f38ef01ddf8c59fdb2274b9595cb68895b3367

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
54956a67e4d13fba087ce6d7a1d200f6

SHA1
4b22f2a46948c322e27d5e65c05834a16b3360ac

SHA256
55174f3cd283523abddc27651d273c3c404b9b670bccc8295254e74139c94f45

SHA512
8bea791c71a9188c42dab896c70729cb1bfc998755b5b2f54aff6f5d234656f3be81549ea7aea104d2420b10ba9b5a252031f437ad872c42de59de84c81f49db

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
021c4e5c58c9313e452f65fdfb618075

SHA1
1c2006c0739863fb3c0e6db2a22af477622923d9

SHA256
5b6354f126592843bb43f92c4d48e39fb45ef169ee896b0caf1644d8ccdac0ba

SHA512
4c3a040e9bafee07c14000b9a1cfd507e76c0b59ba93df9fa259ce86624ff588b76bc2b5b23ea1c1c118541e8e26cde38465e2d7482b9bd37c4c75d8482a4d5b

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
5c20814db508e2c97bd1a4b44f81296a

SHA1
db80ab26b6fb9c6b0073ffb913ac816f4138173a

SHA256
456db0b7a3c37948e401dc283ec51ca654a324eba49bdb9f643d14f4876cd15b

SHA512
3ee56e94389df8aa1d704fbfd3d747ec1bc69eea3d5c9ad97ed67e1584f9459e0e7b71581a4ac5252f5c7985b5347b5956230008fa481ba65e1f650a7e6b73e1

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f92abd378943dc29f24e3299cc3339c0

SHA1
fd9cd373eab07ec70bdc93e791c4642cd80ca7f7

SHA256
2507f7ed9143d3b6e5bedcaab0face47fe1ac19aedb2ead9024a9620b991c2b6

SHA512
077e285c13c00c494a59c96de7a6a279ab981788d6245decaf97a198451ed940abc0648bd6b5e6de61ac905a30a20a605d4adf08926101f69b524b05833caa58

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
e9d0388db2d791a88b1294c2dec7a3b7

SHA1
5d23d3584cd3715390cfb5d10a9c00fa8c9e943f

SHA256
fda016b37928001a5e46390a333b29541cb3a90d082f95594c28b7831cbe3941

SHA512
ab67c843f6892ca167db69e1ae4a9fbbdd452798e1e02e56fc23279d0072e67a6e35da408db525b7029d300eb0374b0f31c08702a0ac90aee8d25c13cd1433d3

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
cc44cda876f7357ab744001bc65dc15e

SHA1
7eb49405c1b07789efa75dc82b968ce4de6fc37d

SHA256
4eccaaa2e1710a997d4480c5ebb46e75b1dc02a91ccd2e0b4d761d41c59f43ce

SHA512
ced746ed4c17d05a96a807fcb6ab2937265d45c4d594f2ff88fab4779f6116403efd0414d769da7789c5f5a25c251a0fa3cd45f92d0ce14e4c6e2f2d505ced0f

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
fe1be7fa501cf414dad4285e2bdc720b

SHA1
d3b719095f1fb2eda33fceca3e7e85b3cdc14d18

SHA256
7ffeb100cb706cc7781027d729ab7733768077806c3a5605fed9cedf06da0d8c

SHA512
d8843c1268ab907253ea630c60e4d8d01da183939d5f50ca2fc5681bae3c7f4696d33498965626a2f9a137bff7cdc9740bf7e28f11e5d64f634726a0d1dbc1e2

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
67cd2eebf8ef849c2930aea1fc093870

SHA1
f8e243239d63bb751df02f70e29c41a7f0df40ce

SHA256
36af36fed5adf90d4c186aac44d60e6b3405b77814c43812c0ecdbb7dcd24ef5

SHA512
a4efc447a771a97bac2076514872a50fbab64237d65fd2c8e0529cb9887eeff10ba7845e2f716471a93b25a984b8e87e57cfaa4839654650ff0d6112adb0a661

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
03d67bf4380c748d1767852d49988bed

SHA1
e0ae302a1e164259d4bcd56a012d9e5052b1dcf1

SHA256
366ed9857cbf7733e412f5bc0c7b08be36ef05abea884106deabbc303547fa4a

SHA512
d278b2b1b6c4f5cb129e518af80784cad31c57eb6039e80be8ce32f84e3ae57c1f45294832ed8e803224f18f0d8b650f626542c8f89fa97a90a3e326cdceff99

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
fcb9d34f4ab33f06e8df40aefb5d98df

SHA1
a466cfc56dc4f0a57694f3acc302a7ebd9893701

SHA256
99c5ebde8f0448d27496f7372139e95611eafc9a9de923a816f18365144a29a9

SHA512
d159f279755a2442bdade8d139f92a8db2c27b053e42db8205465d367ce358ae94943db9dac68e763e394ac5c5ea817ff3506745a8b7d62368a14a339d40c68d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
37f724fca6976cecfaffc70d78ecfa1f

SHA1
186ea25fb4d17dfcaacc8ee74c8946418a8af143

SHA256
2100b3410ce677166d7fe6c2429086bd376f15a0eb5e8b585f34a89a15a4a46a

SHA512
30347ebca425ef48b1a3da00ded5f588a5115018fa9a84aa3e43a3efbf3eb9513cf4f166ad43f337a5366dfedff8ca7a96135ae68d5e403e42f2889e1021ae57

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ca5f14c72458eb908ff6e81faf35a4e7

SHA1
67d2a1adb3c04b197005338d0da7050ce75d31d8

SHA256
5fa9e2d79814e0b1801190b3f0247e74003c25de533e5b163a5d8811d21eb213

SHA512
e4f426ad9ffb6435a6ea724c78085a39113a5fe257b93cb9d438dd049098ac19330316e5ac4d978a2c24867cfca4a2d4e7379edd61409d96b9b2a47be500bac7

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
305353d8014f908a3ad5bd560ae69472

SHA1
b75d392f5dd3959ee9af89180ff879aed14a3c0a

SHA256
6e57381ab685ea31bb0e5512c3e9b8197504948ebb6457f05b9d6c89dd215981

SHA512
ccde66e56b9db6e22990741471f002cdee19861ed1f80b69ca5cfe733283381f65e1bd85f869410b48dd1612b2c22536f6b80e8837d2c448b17883657a276cc4

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2d414a2de596a673bc61cde9cfdcea7a

SHA1
9ddcf8fb0b81e2d4a96291c58a80a11457d3f262

SHA256
3fd54c37b9fe56f25709d8c20bb19356492ce239782b90a274a3d56c5805426d

SHA512
b3a501e6ad57bb4bf20d6db6db02b1639ff95e530c2516e93d647d3c1d351dadb9b8a203b826d84b7f99b3a3ec32b38ce74d93be086663571d47da49f73e2fce

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
9ccc418c4abcefe1c1977240f0f127fd

SHA1
427f503e74ef9d3541cd5aa8724058f766490e90

SHA256
920f542a6b2aa68fefc6a9cd943ed1e929e40361ef83c598794e8a5163dd13af

SHA512
315ab6fdb5f941dec8ece4bb0c5f6b92f42097c49e541bb10e9c5418296aefd666e8d94bdcde57afc003db8c115398e472ffb1c689c65284eab36fb40d7e46e4

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4b3c5e7e0c68d738c06792672b0ae0e0

SHA1
b2d2c7b0bf805b6e65d71fd80eb654f33e51a774

SHA256
5709021fd96692af96e7d47fa0f5939ad21fac85fcbff870c5b832747f1de93d

SHA512
3959c73b1e96107367b2214456151b27c5916e2093044a53f67debc825902fa9340fa03a9aef68268047822a02248ca390a0991f48acf81e9c90b7fd286549b5

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2db21dc98c45d9df24e0d8edea1b9419

SHA1
87e30685fd9ef58751ad87866b1c88d1cc3331b1

SHA256
322b4b25e75997d90e8c28d8c6a8d843ebe2ec93d4c379623d92ea2085e59357

SHA512
1397ed08113e14755156649d5b3c91be2edf3cd4b10135e38501af1bd577ca655f35779fd5c66a99304c8b5e3f38aae0c837651833dc25731ab94b38c4defca2

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
8f607ca1991662428e602b2ff72c4d4c

SHA1
a1f54e48c60752f6a49a04651d09a12c7b7a9d01

SHA256
ee4f373923fbcf01275739a535195369c7ec9fe55a252ffc9c5ecea03fb18ee4

SHA512
c26067784ed1698a0215d9a6c51405ae521c46cea1c49f3d9a0e5084e79bfb429b82f8609d79bd275fa2cb307b0b1be9351ca28acc3b42f949431c6432cbbbb1

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ed77143ffdeadd2c7f8cdf18ec0409e7

SHA1
53c36b9c12b281a1ca3a4c2da514867679a1cc48

SHA256
f44c2aaa532d8e312e6701a40466024de6dc7599a883296520663984d2649c11

SHA512
458d5ec0a05b5896036d88dada6d677e71892f3ce59bc1802f5f9c36cbb1e9e39f2c4a885c0235c36a0ee26d30e9e0147813670007265f62f74aed2bb88e472b

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b7e312b1446211270788d26d0d40b232

SHA1
90dc0bc08d803991ca3486f37046bb0e40110183

SHA256
d59ced5c9ddaec3b9d2115f60185049d2c7dcdfafc01bd9bfa17385994284c4b

SHA512
12d8a8d26f5610d13348edf7cd343a923f74ac2c6f6f946b6fe1d5d8950fb5e2d83775e83a9d74e361111066d2ebea3ed17b969fc6a43b011069f89331f95796

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
e02debb26e356858be67d447905eec2b

SHA1
4eb88df529f7c95302c71208e6e411de6a0ab637

SHA256
4b3fa31cbd282de1067f180879431e1a01e01d87cbb9b0cbe26aecf08865252a

SHA512
3c73e5640515f55860892bb95f91286a6b35450723b593de1e017027a1787898aa8da54cfc824534874a9164e87e9f92e53889aa667361f06bbb698e943126dc

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
7258a9b5d0779d9c278f6b98e0abb8c3

SHA1
a17042a62ef6e7578ff1843a93fa270292e6d6ff

SHA256
9452840f8db5ab1156c827b806bd385355f9782b61c497fb4023106a3f20c9e5

SHA512
8bece8bbacc70c0019f0d8d48adc2dd4ae55e144d1bdb0faee2e1d9ab939f6d179830c5cd22cc0f9fdc00499e3a6605386de8504a04dea63b3e5a14ea0c1ad08

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
3d8ec7b5dadba79f6c308e78406d30c9

SHA1
03858aad733361bdb3654d5ae75c66a0e76a26f9

SHA256
4dd0d98e1c6d3ea5019830a29d7b8392cee8a5d71efa74e60ebe1a7a37ee568e

SHA512
a2fba1d68b37d9068be54b734cd2078428ef50b8d6d844949c7942c806c3a3679bc92a675535990b9901dfae795caf8769f1340bc9b6ed8cb0b4561ca239a880

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
0c2f5b13e2a030aa586ae4921eadf71a

SHA1
d41e868d5018b773eb40456fbfeaebc72bfeacba

SHA256
a62aa330465066c16f1f06a347cbb99df765eed90948d5a3f38272833fb21db2

SHA512
41a7502043ef73591c5c4e27a799481f4ecc7c1fba006a463a6886e742e0f8ceb89ab6457111b512f9a8fd065fc2f1b9cbc546bb6fa1251f0236ead9f011c06f

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
546c3dc51eb32a47de25af439d69cde7

SHA1
24e6ba69adc0809b694acb003ab98899c146acf9

SHA256
25bbf5e6669a771892c532846bf0c10140c2e21f4223634961ca56135f10a25f

SHA512
99f5b6915aa6d558cedf5cb4ace77369f9347fed0736a3522c7dbadfe50759d8db9a9d41d125c9f24ec0f09559e1b7fcd34a30ab6487fb4da474eb8129116686

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4ec702c265db12cc72846f86da3cd204

SHA1
d1fd6487b1061198f1ef79d07c5a67aab9d6579e

SHA256
8c31c98c3ce94feef49c571e8c385e1bcb4a718bbdfb162921ec5a1633f123da

SHA512
b413a14f59062a96a3c9d346242e90769c53d6908b7c70052a29b3808f8ebf35263474083bbcca9995062a6e3c68b21eec3c4ffa5fc1d4f6419d8a4ac4775455

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
595effd72aad9b00fd7674a2f0b9abf4

SHA1
edc82803365a621fc030de774adb7b740cf28d46

SHA256
0231e507f58fc040d3b554ddf6042dfaf266fe82385409d614c6e861f2d79d64

SHA512
e8d30db5fca07ddef3554bb403c96cfb96b20dfbe407773bfcb897754169ab6287980f09fb136e3b3d3047a756865918abe57133193297dcba4dc9e43d6e62be

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
d4fd010c2779f3aca59616dc209ba351

SHA1
058d6c21ccbeb103e0589285457b5ec8c274cdda

SHA256
0aac302f0aefc98314017ee785b76821ae5d8ccbda8fdc05684c5c5e0f0f5c52

SHA512
99885b408bcc7a9c6d15c1bbf8dc52cb99c01f12ec3045b2dc3d141d851412cd2cdbdb2cfd79873fe3b97d608868bbd8425b136fe35005c94797eaa57709775d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f7731fc637299331f634f848c76320fb

SHA1
ca0150dd86ad305894b2215ec4bc69e6ba3ec6ad

SHA256
7533d65bb4165f4bf3bed4c88fd51e4cdb0b34bbf91a89c3cf0b00f461947ff4

SHA512
02108e6ce2005cada21f32945f6c997de36fc8bdd4cff0315be5f069c190e172838c9e5b4d8e1bb49302f31666c7c4eadd1ad68e3723fb1d60217f65aaeef259

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
9133f0d363f4adbc0826dfc15bb71746

SHA1
d0e4c736da667fec89b3039d2a993fdb60edc121

SHA256
5814730fe415d1c9e67125b216a3768daaf8244d1b2408fb2de780aaa2bcdb99

SHA512
ac7791bb6b5afa75c90e23660a2b28cfdf0c46b91314f5be85280495aeb9b75378d07fe7acadb10bb6452746c22db48be0d8874fbc88eac04a478b370bce2b03

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
cd7ce2794c3ea55099faa34832e53a8b

SHA1
4c96465788230b7f3c24e288fbebad51cebb4f18

SHA256
f1e19e7e5645be4f34dc1a336eb682327d8a594024be567d1c76539ad6fbdfe3

SHA512
c31ee3f9369e85de37f4e650df649e22e806dfa48208e7832c1a05807b75f05a49419a9a8b33afc628bbc6665fb5b0a9a84ec8c1395307ba1f79501bf3334673

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
46660e4cd2c41e8b4e6bd417a0640f64

SHA1
00261d8941e94023c0eedf4d8d8948a708ef9d45

SHA256
58eecef516904850bf5d32072af95f81101b874e280622eeb881a6da5e5adf82

SHA512
acdf4fc77040a45f94846485a08fe0bb0b35f05e914970b159e672465754b88d30914ee054e8e922e05479c5b717394caffb4c7f3f9971424d269edfadce5dc1

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ae5d4e3ad3c35f1e3783ab0bebad1da8

SHA1
3efcc1e2d6c70b41e2e2d8bce32ec71033c6e745

SHA256
127f2677cdfd9209a02789b9183969bc6beaa5111bf2cad159c6b50c0f0323aa

SHA512
66f800c679eb6b74bc71bd9d3550645e0a900e6fc1144bc2fe27ec9c0f7736e2ae2ae18b35c15358a271d0c6723043f6147d21cf988fcb3b06af061dcb8a5e98

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
071a3a741917ca5223dd9cc080072e74

SHA1
8c3b63c5b08fbfb7ed2f69bb59b1bba7b810e432

SHA256
d0e8afd3c0f0e610a08705ec946aa3dd73c442cd5688163e870fa7378ed4bdca

SHA512
3dd12e855c31f4ee91abeb1bb99cb1d7c7c1c4187359dedc437e256ad9c0fbedb00b01192ecfa5db0c80019779f985e0cdf49df893780848eb9691c1402882d5

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4966906f856e6a3c218ab3529a1326ee

SHA1
47d2c329a09b72b06f7e785ce1bb4f6895c12717

SHA256
7acf0a5372dfd2220b2d74b160d444df72724fe0f65b1ceca58cc8075be8c507

SHA512
b40b025acaaa1eafbe9be5dd20163b0c509d330cc76644e8047b07897b03060807cf004412fc79a78d76cb110fa7fa285b9e8161e490f2f9e1c43a1ab0845ab6

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f83b29edb74de50ca6afa556111a7664

SHA1
2e8fa477f1f6fa2314fd8cea0f7043bbb9881e0b

SHA256
96acc045b7208d2d0265c66c08ec4194ae9f70dc4b067d637c255c73478c8982

SHA512
42b40de9f03463e738a2d744fa7f04ef12212eaf5e979b3a919e89d71a5f6f13fb156f72c4b7081e3e4e2ab2f588e1977c20b7dbf832bbdd32a6c567ddf788f9

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
bd84b225c9a7a17935a27ffbeca18bd5

SHA1
acecb1523a679f0cd2f82e3a5762e818f2e4c392

SHA256
2da725009b493217c995c339db03765c39eec38aed91f27e104880ae4b988196

SHA512
3547f465279d9bbc0bac91aa706563b7fcc6661eb3788b951aebf7f23132224613594fd6942e369519d6053f0575663e845de6d3c88c75dfc4736f60a518aefd

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
19e9f599c41d34be671aaa250a489465

SHA1
eb47311daa0e925fa1f870933d49f14a956a31aa

SHA256
01d619c4b5deec4ccb01e0ad74334e4db8f3ea5ff647a02c4f592d9202e77f95

SHA512
9d33fe7c951075ca58b05ab6f61ba6ef60b5e651385c208017dcb06d4cf60f71f9d6e5ba53ab7a80e786662bc758adec9f8e89506a960bc9039cfde4cb7049df

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f2d4d1709c9f87922b7d6f8b2376653f

SHA1
38d3b70acfd190bcc4f0eb0303e21a791782cd83

SHA256
8b5faf7f6fcbc82e89dc47596d4e891e7e4713f50b6588cdba461d860532ff8c

SHA512
8c51750b51d69e8d8c845a324b3d8675437a101e4812553ac90c4f8f4f988dae58a23555ee1bedc9a2767778aded2c8e999f5e3345dd35d9958a47692f21af29

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
dea997f6be0123fb344c4fdf359630e7

SHA1
ef3babccf4ff6e450f6732df3907193b15b3e8ea

SHA256
ec3b2dfdf2f8574be4b25783070542249f06a90218cb00b6d5354bc0f9a3c2d4

SHA512
f2ace0f773d0e0c8da5d4309137cfedc9d4e4a7e32adc0a66d88c1eee9eecf9b1c1b08e632e00e88c49e6c7efafda7517d153ad218cb7a862b94445e67469c3d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
6ab9ac2cd081c497a5e18045ed115a64

SHA1
1b895b26a54c4798de38b0c0bac5f322c5a29d04

SHA256
b981d453391f7454b98ec7ad81425059a5dba17c2a48027d31c24c9085561aaa

SHA512
b4e73cda928bf6228f51bb45917f96d59bb5a3ac25652cc232cb2dacdbc4931c2a340c8b07b3eb5a9fcaed5ffa81f8a737ea19e7be0fa5b996cbb1377e568c48

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
1839aff6b9420c3bcad685dd5fec2e77

SHA1
d692a2f8686ab13894fd0df287af0be37d11c01b

SHA256
dc8a96fecd9eea735e7237d7317589d19042f30eb01ff25994aef1d956a87f90

SHA512
b6bd3bf0b51bcf4b812f538b3d89e340630f54967950ffc9ef76378cab0162c49ccc573d4c7e79f8db68b56a132de7bd61702a06bf7c53eb9085674ebff60ef5

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
a20f97e86ae60db4040d854e66b6cf09

SHA1
046b1ab11704def33ca379c485892737d7906a26

SHA256
e87fbaaeb80423754df5998910dc049fd305330db3694f27dc7bfa47466933c9

SHA512
526fd0b5af85be8ce793ea050e35bdd65543086f35fc130b97daa8bdbb5160ce71c8002a828bf3af5f40b692527391433bd73c9330e5cb17ff91b0719f1da26e

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
402732cc2b6885580e14d6e950afe66d

SHA1
8b3936b777fea53c7b0d8cf65a56f5b96cad3b36

SHA256
89eda365b6be1c05a9f0c26e99929a28bdbed86bc6b5ebc5a19e4f183de90cee

SHA512
887812a2b8bf5a99ecf66cdc8ba22f960f141e75d64210c72c9c4c20948d928e4407b51c82b59694da970eb3d98a34dadf87ff868af83dc01ade54ce7846f1e6

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
926ce6e29b837f8443cbfe5357d8041e

SHA1
9dfeb8a0c2d8749159bd20c8c6558126535ca860

SHA256
09f5dbb4e84acc4756340a7f6662b8fda126cd8a4084b1e450a8489340d59d4e

SHA512
f26190f3487b0f393029970334cabaaf8a9eb898c791733bdeb61453a19096d265e4ec6ec5c9772a2513acefc06f812ac3afdffb7c56ab6c971062cdb0c2cf09

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
005ef203499d195026ea0b20cfb0d381

SHA1
2e06ebf4fa82168fa9a86b82d460364e38671e68

SHA256
fbcbadd14d772d24b3ddee8bea295d497669ba5c43e97a9776731a9c758b8a37

SHA512
1df5219dcb3edd0d9ae9667eb6ec6174a53587c8d4052decc106721d5735e864472be34ae6e4e37f65fd6a19eec3c6ab9e2351c48f9a279d3d091b21004c2099

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b515c75b0a3d1a4fb3eb5c8b83dfae00

SHA1
73dd6e8b4a0c69dad18f73b85e87307fc0ea6517

SHA256
aeeec2028a27186fc4b27f302f8758f7a39ca0bece5cd63fff04330b9487b838

SHA512
b164dee77ad4f7408ced27a5671cd507ce2c9bdd9ef9d56de56314ec3618f19588453a2bcbb6b8a252a6c921366ed05cb60c77b4ddc719c0be70476e70e54fd0

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
7ce519e7b6e5681288838dc089b561a4

SHA1
cf3fb444d142a9547d842407dd85f718c9ca0136

SHA256
5645ac87eb2e4bc2089c39a394bf48507e72d9129121254a2de538edf1a9f5ab

SHA512
affef2a882e2290c982f3e4eaf100357a39319700efa4653bebb130d879b78403be16aa29f2145da52e82871483c58f688b025fee551aee7fa4b58b1a846cbbf

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
8dd9eb5a4760b9e46484e012a6aeb328

SHA1
3b7425856198a1aeca92fa9df8b30414481e8736

SHA256
affc0a680121580b5f3f416905a9dc676011cbf5ff0b35179ab9f49a13259f82

SHA512
da18b75b775983370bcc149bbe60483d36638009d2ed59d36f2ebf35e62ffa7ea31ade237d58dbe68c1c9e5b9843944345baf9895cf05132ac8ddd5ca636ad36

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
16fc6a5fb7bf52ea62b9033b9f0ae678

SHA1
c1c8c6ac3c0a2eef86c7759acb87f36c8931ca45

SHA256
1654184d3a2b5f4229a29bea87a4048d1683f2ee34f81a2d9f1fb30ff6d37ada

SHA512
d192d7aeb9d2bc18e2338a6a7066e1affc3e4177ea78052a9f941a0d0e5df065a2b293bbaf5422fa7dfce3e643ca3c3be0418b02edd1e645961387e225fe1be0

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
173a90a2cc3c641d798e23d888c106e1

SHA1
7f59548c48b42b501e6fe48262130ab7d43ac7aa

SHA256
9f84b2c67ff267316afcb7111f2aae445fbfb248f39d52c66f01827f3f6e89b2

SHA512
851ff41615e1fcaa890acaee1194aa7026e6ca87397df61c2cc167b71fb70120b58341e04206d12514ff09cf8e481e08fc729f76347f87ed446db90d3701887f

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
1014d5c1f9c68833a35c5334d53a64bb

SHA1
9bd08f24bb5411c76ff44d24b69ee0df0bb5b037

SHA256
09ef82ed2edb62d436813c8be3be212ece697cc3501dbe5370d1e284aae27b8a

SHA512
8b8087ee3e97cacf5aeeba6e2329fb14c5a791c73c48c4b1e26d64b8e64089bf610c4fbcbf63265920eac716f249af485d345c0da47f1276b7f81c201e9724f0

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
9e1f16b234ada26f7a35538c2247dcaf

SHA1
1a137ed4f83cebb4144a01efd6d311972e47c87a

SHA256
a147ca0cd0ed398d3f74d9afb3efbcfef025573a8538e469741a3d09dc92654f

SHA512
e460248cbb950aa4eccb51baa9660706862a9c564aa6987f0ed55d0c1c99e4a63236ccb10b296c1f116dc41ce3eb5aa19c5e9b8417caf6181e58f9da4a77c601

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
660d66a3582b2d8974d729d66803ddd7

SHA1
8fda20a8cc9463c9b6a48b3f4231a92b44d9ea3d

SHA256
0421e6508b67b8775e7d7bbb60e2cc13b9fa347bf53711cc698e99a8dbae9cde

SHA512
37284f6a7439aff5012d00a4ca7e7b13ce593f0c58bc79c6d75aaf9b1ed67b40b59e9369b303cc40405b45bb807334566e78f897329e9b497df0537b008029ab

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4bacce9836e93e96ea07bc83ad3c1345

SHA1
8898ccdc556efb1b3b11bfb7cea559ea10f0358f

SHA256
80c9b70d92ca327a78d46548e17256acaf69a9780bf3a3246ee7dc2812f4c1d9

SHA512
b7fd009b513b8a44e179446a5efa08d6c206d7d2e6b8e88f188bdf0c53de17a9a54a10f06342b2c486647618467d7d7754517c3f8ec9d76e9c8f07f24bf4ba6e

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
76b132fb335f3b110817137c5be16dc4

SHA1
a27050d12bec8dc63c7a28223f4f51fd8fd6cfb8

SHA256
1ca3cc14b4e56439ec4b2634019c9a3e0a5b7d668af2db5aedc64ca0b40df102

SHA512
1c7cd79cd7d87446da7adcaf370f54b1badae03c9addeaf37f19f09013ecdb7fd6d104d40855f72dc772a53d3ad67bfe7e6baef256ce21a7c49c314530db0437

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
053ab7ba0d780d599f305767b49fe00c

SHA1
081c157013a22e12e3c81fee0b1d2f577429b432

SHA256
8ebe91399bd032f8ab3e2810d18635f419edd2d7a8b96d6bd18a670ff86e5321

SHA512
8ac097d81002be92ba526adbde4ad8c20a291c6ff4876730eab86c574b4a3c382881baa39abccb8fe9e7da55bbc77dcd2c607fcf075f2ee0e997365b08cbab63

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
c128a510518fd3aa363282969155d4d1

SHA1
ed1f20686d7e56a69d98b3acd90b74afde029dff

SHA256
afed46cedff21bf94f1f26e6ec55f73eb1330976c8445b4aa0269f18523ad893

SHA512
fa56d5afd5b43499a8053cf1a9da4ae519fbef4155d41ee71b28072bebfd733591385ff1fcad82ff3ee2c24c0e00c0321c8f0a69a4fc4e40ee246a1f73ed77eb

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
6a7c60d0dfc0c612133fddbf350ad465

SHA1
8c10cfb30858fbb07a074c9af33fb716697aecef

SHA256
4649ce73448a53ecca31dbb2fe34aebf2a4ba490c8e298310e3cdeb15abd25b4

SHA512
37b8073378a23f8b7d73172a8aa0ded9f9ec2efeb69a01ac38335f6fff78624555095b3a05192ee7675fe466a4d6620f47e2bb973a2a69f1a28b3f7bee37f38c

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
39f3f11fb480c5ef0c4c907cd885745d

SHA1
b002c7f1a33ffa1841a4310fc4b55bc820e75046

SHA256
a5f4d4da0fd5ba384750d7af4d0e5392951f08f0aa56cf69ce0a1172e2cefb47

SHA512
7627b249398a3852fbf1cd45e00ca2b39334f2e65c4f0179b9052b9db9329b3d994ffe0f4b44e963424271a83a63c08c073db4b599ff76ea39b2c421f1e9e51e

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
005271d34e49e728f076185c37c52edf

SHA1
a107561eba053fa0b1c793f2cda609817b79e8b0

SHA256
9e7533f7e455a4597184ca13f71b24b04ff8b95a78ada6759b13e28ed6382ce2

SHA512
5d5cc0f0181b95ebb6fdfa2ce3895e780d600a878c29a0490115d90991537b49eb3d812b9d2ff8fc0949536cecc9dd87106e694c78edcdd3fcee51adf9fec197

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
183e39ac6d9880eb9988e1e1a5c4c2fe

SHA1
d43b30dd167f33a19bd1f959a08c336b1ea229be

SHA256
d5943dd5a9713fb543618e83fba5adeeece8a4e68974629cf65e53bf8272738c

SHA512
3b0be5b3054fe87ad62509ef87cef0471495198949410406aedc3fae7235783011ef3f6acb15c0cb3daf441300a382c9d675a7b699fa06b1ad946cac3a6f00c9

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2e5b48f42fc8eed350af5060b89fd6d0

SHA1
bc2d995046ee845eab773c6b6f3af5553e426a38

SHA256
2975e3a69875482c33d884b3a9776ada8f0bacffa6bfb056f1b94c9c10aac1fc

SHA512
41ba5e4c918cc4fa646fc61c09d1406adde9fc1b7571fce4491c541efb9a4e5531d3f102e014b5f304d5bdbf41579fa83706eb70845b9b7d658d0fcfe1fd0b34

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f8cebbc7efe93502d7ea3457474a0a5b

SHA1
6fc864c3f3e36385354eaf302561735618f8c59c

SHA256
24f68a5fbd3aef7a346fe34c2c257a7f47a9e2fec2eee4c5554e0584b9fb0bd5

SHA512
d0a5fb773d7cbd3183053162b1b42f5fa89c207acfab34677b6a080a7f346a8bd8370f870d7c8fb5bacda0bd4b43c3202e17e43c59e6a4dd3be4d5065a448689

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
09c723a2fe31edf59626408496b58895

SHA1
e1841fc98c1ff78004e984549a2300b7503a7f40

SHA256
339f648bbe2663158e4c07b8366c76dd86884d3de33f8a9a5c936053bee87eab

SHA512
cb1be3f5866771ed12717a74ecd134a79f736626237442fc912a46941cf75e8fa81d126927471529ed324f5df3d60a176991c65bf888c92b359330a2c87acdd7

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b66e4b56813e0ce282edbdbe808383e6

SHA1
6f7ce57c2a62ac4a5bf6e77a04423f991dab6d73

SHA256
c1f4b7432b00c333207b2594dbfef63c162de6c885d7817540d60976df8874e4

SHA512
717fa55934e9d5cbc431b7e0d8fa543de0a9a45c464f25fe9d1ef603474a26f969b81bcc06666c58fd115d06f187aa5e271d6558eb5a3ba54d63af0d1873fe42

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
cc78f617dd64ed535776150bee59e45c

SHA1
f9c546d0b25a8d7f0b8c53bf6c5c332677774ad2

SHA256
cc5f082b8620922e574a47886e89970e7d3a71dbdaba6e54c0c0c7dfa8cf030c

SHA512
532cced69dd2c8e92f42ead94baeb4d0128e66515e4a089188c7e6ae22967a6d749140c202ad08038d4f053b4e8edad24be1ef75cbe843d1402b10363f8a2e82

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b65c77593d3191f4cca56c1154f4128a

SHA1
ff54c54d2fc623bbb058a2a8d281e08ab983c485

SHA256
5bf2d368e22a8ec60ab44c37c17f6294b8d2c6d835ccab4cb1af65686fe42df0

SHA512
e6a4ddb9f7996357aad385c577c1c9d7d0a26a9baf5ddf1bc8374d877523b73627c72595960a6a32ffd04bda7823e687badc23e5f391744098684bdd67ec7452

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
e36df756af4047d6eb38b6169a74c7d9

SHA1
0352ba48cceef4973362f928da71e7e2a33a59a9

SHA256
572ac723c179b3028811d25b635b85a5bf1a90711ce4cb138c496ffc9f017d1f

SHA512
2e5a88c0fc7a188e7319b80557d8a25a3a7621781af979410e21bc36ad2b94874506f2ad124474945c63543aa1dc93dca4f265fff1693caee1202222920bbdb8

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
a38a767c2a071879c81ba6be3b9d76bb

SHA1
546860ab69a55116486a6e1c7263f9e37b6c33ce

SHA256
8d00a7128a21fde5d270fe52e8cf583636c218cafd062c4c3bbeadcc84065527

SHA512
b694795484fa7e32d60936167d20bd35ae5263ecfcf24c161d6ca20613fa186e6dbaa244875150f2bba6f3267f372d17a016919f4b4562d335d7c93798922aeb

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
1480ac12ff12581b45a25bef9980012c

SHA1
04e9719762ff004e7fdf18d0f054916e83f71fa0

SHA256
f00d3a98501c9b8a0ed57e9d396d58820964fe03644e14ebd73c1e854bf28be3

SHA512
93933db26c6757cc3a66fe9c9c130821c958f2ce3fb3ca34c9ae0e750e2cc155d86f924bd6637d3636c5a4c55f15fa8d4946e5ad431742dbc67e96d2c7137365

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
3ab58f9a716d65b8a51162dd2f9ec210

SHA1
97aec57e28e28c5bc4dcfa56c26a1a399d84e752

SHA256
58f6cbfedfe17c912045467f53a355cdcbfd7f885f67aea70405ca4308640c05

SHA512
e9b3f98ed5dfafcd32e1396f57bbf78422f84fd8b4e4be55411e6cdcef6c7862ebbb7d0f9360316732ff262cf1988f700f04520a86a5b4221d42b1f1f2e60671

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f2598451cf2b26988cc445c039a12af3

SHA1
62fccbcc269211aadadde14678666828d64cb2ec

SHA256
30d9111ffa80ac5ae361a7a9a6cf393af1b57330673fc9af48237ba9abbed55d

SHA512
842dcf3963bc4e362a2530ba8bc7c740162b46f19d7723b5fbe6c9912607c6386c7969ba7a880bc883d0ce99416097c6ae314542a6a7befc3d0afc1a18e7ea5a

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
19ef280141bde83a98ccff3bad3b17e3

SHA1
2f98ffbd58e8582cef4acc65a06463aa5315a75e

SHA256
61cf2f300e2fe6347303ed523f5f4e6728231f075838e773ae2a8041d09c305e

SHA512
c4edea9792ee3a127b61034a1962b1d728a4d17eaa6acb9611f66b53bc0ee1438d376df633d09c24c341f6ce1abec6108957ff4a29d9d5dffdc6919a1ba20919

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4ab4cf62f5527b2766494404d96fa497

SHA1
3425adbf70b89e9df9060eafbeea0f904479195f

SHA256
6a3222c32432cf70715dd938bb9244bb9b9245802728bf1837e608daff04585e

SHA512
1ce03f7eea06136e0b086b5980a055ab0cc8ec027bcebc350e403274f64c8f5a47503e34aa645ade14fd694cfb4f13aedcd7640519e33a80c90470794d0a4570

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f6e5a81026259cccac2ce64a4573df50

SHA1
f09afc96c1421e7676d78c114061aa1c0cb7d404

SHA256
8538d680be2243279db0da2321dd75732be6a7345d98d56e3b347bbb2722d740

SHA512
9a0913501f1e9077f84af5f191a27c73b13dae2a9b32ff4dc1faa2987b05c9d36cd5385b8f24fef9bf64dfb73822072993e12914e3e09d14e6c56097a12df2ab

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
f50745b681e20133b6050f907fc0af16

SHA1
051d674998ee9ccb4c6f74c938ba4905d3db85e2

SHA256
4e88560b6e55894e1cc4199e75228b2880d5c440d3227ce1d3870ed0d03a98a9

SHA512
73f2d2f326b9a5c81ac0f03ab43b9c5b95bb3475164234cd4e96b706d08795d9029214c9a8d2206bbc5245e82c2c5f53911c8c0e741db5932c0b7f2a762f4f52

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ab4f85308b7bf57121677f0a6e8d94c1

SHA1
c590b2a305e1024144c9ce38fb8ed4577fb30abb

SHA256
75d5d1b728f8ef58c2c4886812c3c945174adbace3efb52ecc53c920a62f88cc

SHA512
14f5a66f1dcc6ad9057d126f993369599f6a2ca112def1ac33a2287047444933200822a1d6a5d18b216992bcf25101ca2f86a072fec62bfe989363ae44db9624

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
c4da0b54f1681aa7aee2283e1fd13ac2

SHA1
dad464b8aaa377821310ceff9d2909d445f725af

SHA256
a4d8ff96c55289c1af922a9b339cdf7f2465916cdb6ba34ec775c9ab2db653e4

SHA512
dd8a9b464e4811263ea399af86a646eb793358bfcb0468929ac1b3030ac24f0ea0b3a71aa1b43ad2dc1850e3f8f23c9fc29d79f8d726b5ccd464f4c31e07ccaf

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
92101f39afa8851dcd170bd4591a50cf

SHA1
8fa65ffd156bccbc355378fd34631c288c235cc9

SHA256
c90c5414deb4433d3c957014b996264ab329806646d333fb836846c1864363c9

SHA512
1e5d0bb9ded61857ffd71a393b4f5ac4a12c25ed3b14f219485b4e5d66aff4f3ad36ebbb9cbb3a7d04d9e510c6072df0417001169c2992200785a38e305718ec

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
0e204bda2175d04cf09e9a4746e5137f

SHA1
635ea92b6c3f51842ff081c9d11afeb66d8fb6c0

SHA256
d6ca312ef3989a699b3fef4e56ee1d1031adee0b15aa595baaf1bda78a84d523

SHA512
b07ef45e192416dbe7df5b88b7e36a7f2fa3b203f47d2b45d0140a3b0d1ee5bccba790a0c6fece996cdd57f3b208678c8d060a21465a3e807e6165c7c61cc62a

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
bc1ada50c5ff523c1b57d27afeacdd22

SHA1
57e06ad81375308c21cba3ed08c639b9b9352de3

SHA256
f68cd64728efea3cf8e2577204f9347421336453d74e6f34b14dce928cd072d4

SHA512
baeee60063ca68e828fc145966900c9a1feb38616687b92dee749a9113a8590f625affa6143a660b25b1cbe8d2cc327208d7255c4633f991b7252f0d10e9e3b7

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2081298f5dea1980aa9d7535831320dd

SHA1
ee2d0b3a5bd9ec503ca82109ea49d628a1585be9

SHA256
641c9d6004d9a2df4752823e1415972e424afe7775131c404760bea78dfc3691

SHA512
98b810bc533964d8a888f61b574a0beb7d7eb3335cc9cd2384e6046c5afb0f2212dd8ebb32a314f301201cd378e1af6d8d3412b9ec3ad95b0c1a1d1cb29ee829

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
ffe6f6bcbc33a8205f58c493e002ab2a

SHA1
f55449b556745e7a0bfa29b4f6485733b3fd785d

SHA256
2a96791611307a784f4f19b0bbc1b13f1e962b5c53f2f0dba313117531ad9e4f

SHA512
90bdb7f41ab6a2582be39f8d13fb3aa30be53071b07e51c698691c4e840ac1462ca03e85223888127f232a94df06f3e9f34efa2457060d409c0c96acf20baf1c

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
a616a7bf6e5d8a322f6b40d87664a15e

SHA1
37dc106a3fde593b0ced2a6135139597f7bb7629

SHA256
14c3bca0a59330bd2fc0f9794e85894386f29d57e0745ea1677d5f14262cd4d9

SHA512
652f0a8eec6de560e5a04d9107c9225981a5877bde15050cc98be1d5e7e44978fb182cec8d8046eec4ac99f9637f1569df879ab4b698755caabf973debe52e66

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
6ecfc571bd70d7f6080b17b8a9a03032

SHA1
21756f1d7bb20139ab991b589bd85ccf290c2969

SHA256
92c9281be2574508c8a4fe38bc6f14c0acbbc44ec79b7f1dcb5840c2097104df

SHA512
e3c64b7ec7c7e61d3f67704074f3d89d5739f11d31fc34619ebd5c2d6940a649c2359417ea98e67faa77d6b3059846d2485a9312cb4a3c536c8054552f0675d0

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
db41c5e3632828666400c28cb8c9b6d4

SHA1
a490e872c56199f04731b133f06e0641d0b0f65f

SHA256
9cae8e73aa98238af6b03815bf708b044e5b47e9349a2a3b1e2b112e767e9b50

SHA512
5c68ddf16b9b1c14f4028649ec77a1d4b49ebe28b801468e5dcf2b45d119f41d1614064190c5f4c105700f69b9427e8f4abfc07a3f7ce525f618440c24355872

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
38cd063ec9d0819c228c0d7ca927b4c3

SHA1
dd4a24f42d5c8375547835d8c2c252eb33c9e7d5

SHA256
8a419415845c0ed808ee6243642b699a84a9593caba7d2872f85c04d9c71d617

SHA512
f6c9fe8f4e24828274ef055097a1755b1a6dcd71ea8ec07fd76c7ad34f4edc5d78878f940f60322e5a3caf729d3f958bb64bd303c860afc2bf9e49c7a70e44c1

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
296f12c82204403f707fe6ce8688b23e

SHA1
0efc7e313b10b7a89f6a0123729d6cb7236481b7

SHA256
4cd0bf385002794d14ec51b4434f5e148d966a63dce8802506a56565ca703e67

SHA512
9a61e8604b707bc35a04f218557da75da0cb66ea7d85ea437c894a87135a4033b2c3cbcdce5d9b11691e6a396f2d4de3db05b5d579dd734c41a6b5f0362da73b

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
e5ceebc5925e232d6d8ab226fea72539

SHA1
d1ddd7795fb072f4db1dfad4936ffb555d4f5bd4

SHA256
6b3e6394e18183d062543ad22ed6f933bb5b6ce3e84955a0c00cfed00fdce047

SHA512
bb1f8a7749b564733278d0250932b55e35457e1d98e2079fa1de90d016368ed907009d2f1b823e13ca37ba50a5497ec9da61014f4323b34f31ff1418398285b9

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
90f66d6d8ddd804dd591204c0daf072d

SHA1
fd3a908ff0c93566f9abd634137a595ca2602d08

SHA256
ec3e80b8b029903bb2d3a296f8822efbbddc5599612ec10445a064dd8ffde9c5

SHA512
67b5e0c3802222c2f30edfdc9be2ae9da42aeb720f40ca5f2890fd6ab348cfc23539ed57ad676d9d2bed530570534aff8a8ff1cb8848e53c0541cff75e792eb8

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b2d9f70b5da56d5f22f3eeb216ec81cd

SHA1
36b61daf0686e5f971779f462a752f734e1a8f20

SHA256
850e2c72167e6db96014da8871b7332fec2a2ef16daf4f227d9b61f4bb86a8f2

SHA512
102da0716ff1fed1e345ca89d49beaeca7b54209870d7607c32afc1de20abbe0dae6ff3f90c02be30c34776d558142829222903d0f83efd8775c573285b8454c

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
3f5eea91c77e6f2a30cb9ab0083f2926

SHA1
36c7c03ad2df84e5e73339216bcda80bc8ea8a0f

SHA256
812b25af3b690b0f9fce727f04ef363578be255d9ca67b7149db5948b2a9b669

SHA512
d46ca8019583e0fbbcb5735db34b30b0f756ac8640d402595498e4f5c7c430e9d8097cb6b14736cdb39e42bb387e2b88efe666addcf7e4e2dd5638cd4d8b758a

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
57ad1f96174e460c2504c712c42cccfd

SHA1
a84fa590af4c3333140832682acc54e6d9a925ac

SHA256
e4c9a5cc7ecabe8027948bd7c20f00cb30e3c9c89246525c7aed55e6d45d604d

SHA512
e5c6967b8291c5cacce488fe4e2ed7e6eec82ca33b76700ef585e0d12ab7befad2a54a69033e2b12cbf31cfbbf57a48f5ad1bbbb6509ddeb89bf4408cde60be9

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
e21703c5dbe4863cc01a66f6c3a50bec

SHA1
4c4f19252ca2b710fcdd53f55cf76119cbe7a53e

SHA256
7f57e0be1f08b53a9d248d03c38b2bb88d1db76f53f62c45ffdcd9a25e6c30fa

SHA512
176f0b04149953de75522de4d64130aa2b4dc89abc7ae2d26dac0d9e5f91a48aaa2d5309327644f43a105298a66ee3cefed889078cdb61d9dbbc7e2f82027649

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
cd04c7c41e649719cf955b185104b882

SHA1
195b7108b3ea6aeb1a9a6e5e877a4085e9171490

SHA256
a649a789b9cbde48af5762a220f0dadd56639f01378763fb3555658af2150b19

SHA512
2bebfd30d2b15575c182fbf05e5005a039587ae269ea3b58e48f1b29b5ee28b5b9ac86387722080b34e00df78c772f49a6f4bbdccd3385230dc661b660b7961e

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
d62e6c8b1f0c901491c5b21ffe4e6463

SHA1
7273a93ad9afb86a09d735bcef73d1444b0e7c3e

SHA256
781bcfdf491a1f86f38b082df32412ea2e4d0b572213792e84848ce6274c4eae

SHA512
9b41e0dbcb610dd5d3a0260420a2b9e09c5433926922ad5e84b03f8e68958c3fede5e5bd00a4530ccd4d8c94d24c5c704a1d0abf6e825aa9bf6f91bec2d7a111

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
b07973e040e2222401c72be89a148b6a

SHA1
1f77612e5fd5c3ebb4b9e93fdee1b4da22655f9b

SHA256
7fa77d923463632500108b636a15f3fc3629683d2c24a68e2ccda125f38a9c85

SHA512
8c5bf5f19f3d919e8f14baa59945d1d77a2e22c9a1c94eb8a8d29eb05d62ef17b4e7b304c2fba7a8a9f7d0c842d10e584e10b01543bd4833df0c0659ff106919

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
730481891307b2257aa6c3e6afa642b7

SHA1
14d290babf1cd79f2c1a51bf355a15230988e891

SHA256
a1c3fe8d14dc69accf94e74c3300bbf5ce6e436c56d132ef471b5abe30153e66

SHA512
cd0d02c20179ffeb04e8a43ffd787ff374bad279c7a66359ac829b639fee52bab628f79ba60ffbfe6685833eeef6f68deb52ab0c746ddf7cef44a6bbeb9b4157

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
54c99a24c520cc53e5975ad06fdc77a4

SHA1
0b96d998e1abda1c68c3f9e9f2a03aa3e21de126

SHA256
c1675142352744ee76b405d229837a8fec7dea3d9a0e824517aab7571b3b5150

SHA512
b4ad1646cb78d580870784e6a4ab41d8f2b752b2a08ac7a793b8c1fa8291240152664325e0db1e9c4adc616ec7ed5b2650f553590e81aa06df7b971f740ac289

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
02d6e789f72f606804299ca7eaf7a839

SHA1
e46b6208793e2ce257063c92d8cd954c5767135a

SHA256
e661a66b5ea1c4d85ed602ac5efe11b75e9d76d35ce263a4a382ba55bd4751e4

SHA512
fb4e75bc41be02dce2fda89037958101a40964101231b9380d73e35d3f4eeb8f1a445c1bcd0f85a366b1930c21159b1389c1bd59e37f40ce399d71b43ceefb2a

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
0fb5c32c81a85b2dc2ba85b38f34bbf4

SHA1
b3e7373c6d40a6f8c87d5a6fd67194b297f19bd1

SHA256
3814fa87ba4fb14370ff5900754fc97f2c93ca17999c4db2048fceb40dcf6019

SHA512
3a812bd4cef31c393420b9144c223812f1dcd9cbbfec838398a02db500ed7eb21ced416f0a259f3ce5d9ae693bd496fbba4dce20e33d716080d8f18369d6fea5

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
d46c07335f7e6cd7443c83f6fb2cfd6b

SHA1
8189789550e325f913f5ebb8efd9ffa6de4be1f7

SHA256
3feddbb9f45c074ae06e575bcf1bdf09ef07204ef65a862fb8941a0aeac438d1

SHA512
0d9efe79db03d2e57f2fe723471a72e03d4e285a5a6d51ed88a9605a9e7ca04a4bf4891cb0ed0e5ab83a88b2585395d0216ae3e625934b8efce933d8e5ab2943

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
c92e92a6ed25988f0d4a146a2c674e93

SHA1
bda4b0d67099af77e57277545371c165dc44857f

SHA256
27d11743ea542716efd17986995c065992299b3cf2b5c9c44d3aa21d53a95277

SHA512
fd3d378f6e676a3b87d177f37a09e29f8cdfbfc17d5a4a78f851de2b266fa41a182a7cd878c2254df8ee4a77e4a987e8e5beec847357f803d6f69a0ffa956212

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
8f4609b680eef6bcafc39d3f3c20b230

SHA1
d831c0d2b71728e4adc1e893317044434a607566

SHA256
d03fa3fa3b3c631f89b509c296b7af3e63253813e665de3a14124c1e67fe29af

SHA512
2e42e9253f11ea63409bee7f6f0d19695f8390c708614af54c0e5d3870e1df2acc978fbaedc48a644626a7aa557d5bff81326acd638d0dbc2f5bdf07337e4515

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2edd892ce5f433874dc9b3dfeca790f8

SHA1
4a9f1064cf99b66a96ab6ead327715f8ccdb3bab

SHA256
837d70c0235fd2baaa927864f996dcd2a4efb9f34e6a9d80d0751191d3bc9d04

SHA512
453ef91a0215e7e24756b045f7c21d57f6cab096c9c1c243aa2772c496893a79f7b69892238813c5e1bc5480812950d016b8ffba367b7d6ce0ed3b8496c3942d

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
765477ebb348b997aba091dea0dc6cf8

SHA1
7b117ed3aae9df724b220b3e185a028ccff23716

SHA256
31176cc3e231862cd3dfd06067fc0b2521a160c283264d6d89c1626928abb180

SHA512
12b29aa599bc1033d2d19e803ed883d6a86b60d008b1e531cbe077044867aa51a9583578d7acb7b4219aa70923655983fd26fc4c01788c0bfd143eba321f508c

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
697277a49ced54057aed55a7d0e3ccc9

SHA1
8b454ffab3ea0fdffde916e9a218b24851383ffe

SHA256
91608f70302f1209dac3682fed55257fb34a578591665888a5b2fe6ccd7480e9

SHA512
eba54b24d3bdaf0b985abfe8ff203a58e6161a90977d7f43390cead27d09a876b9dfae537c0a5337c8d683486c6835f64a16595fe56b9e27152003e4ca55fc69

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
2d33d93f1c43ae827ca5cc420f9eb037

SHA1
e83c3af07a017fa80dd831ba52c9ba28422323c3

SHA256
ffc93b420b0d071fa084c16664de71d29fd9796de7de139425b21d0816d2edaf

SHA512
7671fdd9490a74f7315d4a5d154644cb9fb065f4b8be917b524ddbaa6de748829169e40220e8dba7fb177740cd391c5b770700ca2ce2990384c33df294e4bc21

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
862ca1b1a465942d4e212c9fbdd8c618

SHA1
c2044c6dd88434fdd6a07a70a2ca4238cf83af5a

SHA256
c94b6f32f60b05da1e3b87c516d7cb1f98d3e5f2691456df2cad61666d811329

SHA512
84f0b55db1a637f7047c5f07fc0ede126bbbeca4faf009e52dc2d2298775632613a2c307d886f0b0c6326891356328984b0c463c5bec6eabc00d84dc4f3261e5

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
4d94e7275a9a06ca84246349bb5f4f1c

SHA1
3ea667476c87a367a01f134401eadee40d1c1018

SHA256
2bfa7aaf6ba8366e63100d1eedc8fdc91708ab404c7d0666fc9051cd48f06022

SHA512
aaade1eb2c3ac0b2483f5562dc276481172ee5d31d10890d5b013a222d91a732a116605d20b15fcd6c3d7bc898b6070a3e06b848d23637063b071ef2e5897589

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
a10c26e55e54e707ea70e32cb625125c

SHA1
7d469ae22257b46b29890959db0ee9e43ae00a1c

SHA256
fcc983a3e3187e01bddd573b489c05c0af44c87e4313af7c14a297b80d89fd0d

SHA512
25da0254dfc91a191a0e66d4e6e663317811439bcebdfc50615bde041510566f1f6673a2bf952d06df8c14327e5781019085bc883aea8d515b9b6de068f6099b

Download Submit
C:\Users\Admin\SIIMMEAA\JeccYMUc.inf

Filesize
4B

MD5
916f00445e4223a6007432798196a15b

SHA1
bcc9b8472ff164b95f4dbf039b7bebd11e9c2790

SHA256
4bf33180a44c2e92973384414dd3e8db6ec3790366f6236b7d6cacfc87d93617

SHA512
7de60e2d38e89d31cf8e551cd7cffa6938bc36b9062ea89be47c91231f4a5342674db0c1a4e5735146486dc716edefd4d19f14cf9ebeba4e52edfb20eaf9fbc6

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
c4f26ed277b51ef45fa180be597d96e8

SHA1
e9efc622924fb965d4a14bdb6223834d9a9007e7

SHA256
14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958

SHA512
afc2a8466f106e81d423065b07aed2529cbf690ab4c3e019334f1bedfb42dc0e0957be83d860a84b7285bd49285503bfe95a1cf571a678dbc9bdb07789da928e

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
1d724f95c61f1055f0d02c2154bbccd3

SHA1
79116fe99f2b421c52ef64097f0f39b815b20907

SHA256
579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648

SHA512
f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113

Download Submit
memory/396-2891-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/396-2898-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/400-2930-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/400-2905-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/456-2913-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/456-3053-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1048-2935-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1372-2824-0x0000000000E70000-0x0000000000EE5000-memory.dmp

Filesize
468KB

Download
memory/1372-2823-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1372-2826-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1460-2912-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1460-3043-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1576-2926-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1600-3055-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1600-2915-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1768-2914-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1768-3054-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1844-2836-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1844-2839-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1844-2920-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1844-3108-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1900-2929-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1908-3039-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1908-2908-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2024-2814-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2024-2819-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2024-2817-0x0000000000FB0000-0x0000000001025000-memory.dmp

Filesize
468KB

Download
memory/2064-2922-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2204-2923-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2472-2816-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2472-2820-0x0000000000FB0000-0x0000000001025000-memory.dmp

Filesize
468KB

Download
memory/2472-2822-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2604-3057-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2604-2917-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2700-2927-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3024-2919-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3024-3107-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3180-2904-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3224-2890-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3224-2894-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3312-2928-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3512-2901-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3512-2933-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3512-2895-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3532-3040-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3532-2909-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3564-2918-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3564-3106-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3576-2925-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3692-2924-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3848-3038-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3848-2907-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4000-2934-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4336-2141-0x0000022CA8BE0000-0x0000022CA8BF0000-memory.dmp

Filesize
64KB

Download
memory/4336-2140-0x0000022CC2DA0000-0x0000022CC2E82000-memory.dmp

Filesize
904KB

Download
memory/4336-2139-0x00007FF6C7D70000-0x00007FF6C7DB3000-memory.dmp

Filesize
268KB

Download
memory/4336-2144-0x0000022CC6D60000-0x0000022CC6D86000-memory.dmp

Filesize
152KB

Download
memory/4336-2143-0x0000022CC4930000-0x0000022CC4949000-memory.dmp

Filesize
100KB

Download
memory/4336-2142-0x0000022CA8BF0000-0x0000022CA8BFA000-memory.dmp

Filesize
40KB

Download
memory/4448-2931-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4448-2906-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4512-2911-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4512-3042-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4688-2921-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4704-2932-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4740-2882-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4740-2883-0x0000000000980000-0x00000000009F5000-memory.dmp

Filesize
468KB

Download
memory/4740-2885-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4856-2910-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4856-3041-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-2886-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-2889-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-3056-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5076-2887-0x0000000000980000-0x00000000009F5000-memory.dmp

Filesize
468KB

Download
memory/5076-2916-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5920-3047-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5936-3044-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/5952-3045-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6000-3046-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6416-3058-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6424-3059-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6432-3060-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6440-3119-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6448-3061-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6460-3062-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6472-3063-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6480-3064-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6488-3065-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6496-3066-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6504-3067-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6512-3068-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6520-3069-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6528-3070-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6536-3071-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6544-3072-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6552-3073-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6568-3074-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6576-3075-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6584-3076-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6592-3077-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6608-3078-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download