Overview

overview

10

Static

static

1

Setup - Bloxshade.exe

windows7-x64

3

Setup - Bloxshade.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1249s
  • max time network
    1247s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-02-2025 07:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup - Bloxshade.exe

  • Size

    9.2MB

  • MD5

    bf0989e3d758b5956363de58e4ef9bb6

  • SHA1

    52d75e98162d3ae7991669c3b72d77a5ffe3bd1b

  • SHA256

    8db4a31b05dec3c5adfc4b7ede9f0d8e4e2eb384524ce829e707c9908492d355

  • SHA512

    6b9d14d6e34308152382eb51d8f42aef21f381d00d2fb03c79d9748d012cd0ce929dda26546fdfc73c5be70fe2c571184fb446e4e8bb306045838d31394425fb

  • SSDEEP

    98304:eBX5RzYzAWt0q/G2Asj4xTN+ZD/JdWLM3SpptatNGSR:eBswq/osj4xT2/Jk43+fatgm

Score
10/10
cerbergandcrabwannacryadwarebackdoorcredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceprivilege_escalationransomwarespywarestealertrojanupxworm

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-189444705-1272902858-1305688695-1000\JGETVTS-MANUAL.txt

Family

gandcrab

Ransom Note
---= GANDCRAB V5.2 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .JGETVTS The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/5a84d63fc90b50b6 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAADGCd8jpK8yFK6QSpK8wqwWbQkqHV/XXYjfng43r5Gz4CQ9wuAomKTnAoDbJExiz8riwbD6ylllaRRNOriHzFF6SORq5cgQR8Nco3Q77O9OSOpGFgty8TlqOH+i2Z2gNkX6M9//LTl3gRxJMLfu2h5lZZ2lM4+5on4j28onCAyJkJXLKRFNgzlwQ4/IWAqx4kFneVAKAL/9dJqaCudI3pAhP3pXfhzkZnoldiGZBYWVWC0L5MVHPN/FnLW62V8HrEQr04EQ3wnR0+zQOygeguKZVABaCSGjatgCmxOpaxvJ1U/Bexz/gMpRxMUS4lLFN/MkRVScwdbX1LnNA23mfzn7mTpLdfPqDZWRn7IyHt55Mi3h2DsQVvCrBzOKtpQ49+Ad8RC2Zffnp7A9+nzmkbEYanFdRG5rygtdbNNBa2j/I++MyUduPslBjV/oO5LWtftVFghZvETgcqp4DXTSRgj75idgNC415gA86W3ZloTbLlwGpa0+futAnnPctEIHjKGjqs2yR3fxZ0sqh2OSWUPhWXxopisVk0DU1l/8bF99O2VfaSogS/aC5jW8b3wPhZjUXAdABGUuuw66sCbxe7bmOlaY0+eB9tsRvovUwYvWuE23uvWle7+YbRYseHHHgcRn7BpfIQRwqqB0Bxwc9+u/VmcuMgzloZJYDjYlPm4GTbRAokA89vnE+aLGrEv31jNk9YShl/AEuN2DaTClRDAcIdnT/AVKgWLty9bVOSuNCZj14gG/akEpmbo+zfSh8N4hXGQ7G1nIRjk7Fki59EUVTRbTHj4LrQaLUgLuxpGXIAKpJQRnHfsFbk++3MOBfM/UyTBR7Zp6P/PjMFnG58Vm5jkm8oJ7mI0d+J+SPHbDi7Rj9vImixNKDj17FW5jvgnbwfvfW4ubauPOwDacZXIcIgGxpxOApz/7PmKsO+UUd7DtX46MIuf9dGBXbB/dGXLjf1GZ+YgSTk4v1MnYb4tE0oimXbZ52nA9/h9Hv7jQlxjaNEgALH+1CZ0f2a/UC0kQ0m/fAcRudxK++Bbur3w17nNWli9xOOM0JX42RTHkauJMeRbk1cbBo6lxkeZWFe4JGsGem5uDs7BRV8rDLHCm9nw1dy7jg+ZKKnvUuNjLbd99me6LlkmuA8FyODfP2U5Frut5BHQsHLs7PUYJ0ABko9+wjuPK1XVnXzmMWpT3rfPM6loStim+Iz6cw6L9NvSWBpqFOrz7yurV2CqPk3pqxV1LANyXcGh1otXoRFTD9g6+6RnNq+LlfcHT4cIRbrkfjOzHb9YMxNSBiAAmRJd4SmiOFSmAIKM1l0o1GZksMz8tXagSGwnMggSyBdr27XbxNPYrpgafn0g/7H5PsKBc2yTHENsfX7oJYU1dsgYMghcU9pa+okkuoR5iYLGmZN1gWoZ0fjHH32vaPk1YWr7HL9ivQhZHD5spqU5RUQ6DQxlhpwEaH390Ur2dF7N5lESWElDOCiFibPkwjq9eeREJPnfB339gYO1hTqKFNzaXEaOJqys9Z7IkoIP4Yb82yZkwhUbEGmOrHfRzpL39QCvfVqZ7SncoctdlRTxfWS7wMq/XJrXBj670uiObOZ4l2xYJnFSmyJCcFBcCkFWuObWFIcZTPh2V6PQrWNH8vcK71wFwVY1O2jG5IQHXs8FhJEj95zsTBd5tEB4W9cIuByUzxh5tWPvSn+6pHhh66/nNzi7IMUfhrEi3Te98cskLLgHDaJSbcNEl8kuFJyXXaCrvQ0HoJ8Gkl1KiJL0RQChpdhgX9YjeyTRkitGpbLOA62810mKKWlgSa/CjTHbQ7AmMeTo9KV03UdSXHzOgC7SCPK/Wn2BGyc/o/s0e5ZolXdyThaMBqy2bxJSsn7ZqTp/xRrV3Pm5GS+Xb7r1ssy3M3dvdi8wpuJeq6MEoHOztd+chNrbd5oA2WiSuuL6usS3vq6qCSHQ0MBq7GszyWLXemVP7ejnm6nOcB/2j/HmkL8rx5NKQMLiTof4T7v1BebSY6ayeVohW+kDsuz3aoQHAUQ9l0To2FaZ4C/VcLrmFuTTYLzYRcYoTtaX0CEr0ukk8RETfdIWVOBxsm8Spz0hwRMH9OcIzNrajSPI24jDicnMNFJ+vmfwnpydPc0WXW82jYetSoGZRCSCP5f8BZjlsreozF/Fjk1Da42j4ebCPMvrbNgTUykKuYLS5HvMtBWZ0qmHBWVuuAFwzwwix4YXcfj54LcfK/auxrUSA3Ynat7xEpbAg= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- 7ftDEgLb/ZS0lcmZbHM61KDJ6AOtD78KkA7absMgUXYxWLsC+5+UYF9xVmD09NHJMZDSAv2Vs+DBRXHIKnQXQzua3LPyzokSUuglaqKXwabsGM4pXku5In6gtMQMqg7sgEh1XW1iPMFgiUj/s1LdWpJHdiPjMpn7rCZNO/A31mak0K8RefoREu3BxtlAsseHWfVIIKN0U4NnA3w0Ga7XDLlF3iOIB6ImYbF6Z/7MBN2mgBr2rZ2gU1R7jNx2WKAyu4W+5zlHFnKwMISBi1CwemOo6FrxnP+Z5F9bSR7OvDBsmLj7oYD6GBgpBqj3RSAVfvfE0yZSXyCRtLeJeNBcBixqqsZqR+a3MrGamYeRhUeAP4vy+fNlLObjX6P0r1BW4eYoT03JrPa/L0B0wffnS0ez96BFoTHFq52HPDCx6yhEudvoPVoM6iaVy+mvqAdvYbwBrtkyoC8E1filXTmW7qZ4Duw4gTGwK0yub5gfz9wpLQCj3bimwDPi8jPeKPiggI2bWKz+7QkWvC2ihYFfEuZEsyM4ANvhxNQXIE31UkGbyf6MN51c1gY/++QRe2kEznTbCqfrOdcnPBOVfcolLq8b/gmccCeV7bCGEZisVbSQnNiaPkJ9b5I041HXc2vSx6IODB3F1IH8qANwhkbcxMPGvnUSm+rK ---END PC DATA---
URLs

http://gandcrabmfe6mnef.onion/5a84d63fc90b50b6

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___ZA96_.txt

Family

cerber

Ransom Note
Hi, I'am CRBR ENCRYPTOR ;) ----- ALL YOUR DOCUMENTS, PH0T0S, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only one way to decrypt your files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_R_E_A_D___T_H_I_S_*) with complete instructions how to decrypt your files. If you cannot find any (*_R_E_A_D___T_H_I_S_*) file at your PC, follow the instructions below: ----- 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://xpcx6erilkjced3j.onion/C41C-E329-78CA-0098-BED9 Note! This page is available via "Tor Browser" only. ----- Also you can use temporary addresses on your personal page without using "Tor Browser". ----- 1. http://xpcx6erilkjced3j.1n5mod.top/C41C-E329-78CA-0098-BED9 2. http://xpcx6erilkjced3j.19kdeh.top/C41C-E329-78CA-0098-BED9 3. http://xpcx6erilkjced3j.1mpsnr.top/C41C-E329-78CA-0098-BED9 4. http://xpcx6erilkjced3j.18ey8e.top/C41C-E329-78CA-0098-BED9 5. http://xpcx6erilkjced3j.17gcun.top/C41C-E329-78CA-0098-BED9 ----- Note! These are temporary addresses! They will be available for a limited amount of time! -----
URLs

http://xpcx6erilkjced3j.onion/C41C-E329-78CA-0098-BED9

http://xpcx6erilkjced3j.1n5mod.top/C41C-E329-78CA-0098-BED9

http://xpcx6erilkjced3j.19kdeh.top/C41C-E329-78CA-0098-BED9

http://xpcx6erilkjced3j.1mpsnr.top/C41C-E329-78CA-0098-BED9

http://xpcx6erilkjced3j.18ey8e.top/C41C-E329-78CA-0098-BED9

http://xpcx6erilkjced3j.17gcun.top/C41C-E329-78CA-0098-BED9

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �
Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    ransomwarecerber
  • Cerber family
    cerber
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Wannacry family
    wannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (336) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Contacts a large (1122) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Downloads MZ/PE file 10 IoCs
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    defense_evasion
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 7 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 25 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Drops file in System32 directory 39 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 3 IoCs
    ransomware
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 28 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Kills process with taskkill 7 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 7 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup - Bloxshade.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c taskkill /F /IM installer.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3624
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM installer.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2104
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c taskkill /F /IM setup.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM setup.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:972
    • C:\Program Files\Bloxshade\setup.exe
      "C:\Program Files\Bloxshade\setup.exe"
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4392.4792.17636908658053940773
        3⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of WriteProcessMemory
        PID:3644
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff94116b078,0x7ff94116b084,0x7ff94116b090
          4⤵
            PID:4432
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1732,i,10163291170506239769,8398906186894137755,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2
            4⤵
              PID:4380
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2060,i,10163291170506239769,8398906186894137755,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
              4⤵
                PID:3080
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2384,i,10163291170506239769,8398906186894137755,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:8
                4⤵
                  PID:1792
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3608,i,10163291170506239769,8398906186894137755,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
                  4⤵
                    PID:4000
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4216,i,10163291170506239769,8398906186894137755,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:8
                    4⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4956
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODE4MkY4NjAtQ0YwMC00NkUyLUFGRTMtQjQ3QzMwQjhEMkVCfSIgdXNlcmlkPSJ7MTNENjU5NTEtRUY2Mi00QkQ4LTk3NTgtM0RENEQ1MzVCNTg3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjM5M0UzQTEtQjdBRi00RkRCLUExREUtRUM2QTMzRDdCQzAyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5MjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODE5ODA3NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDYyOTE4MDUxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
              1⤵
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:4452
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
              1⤵
              • Enumerates system info in registry
              • NTFS ADS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              PID:3256
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9423346f8,0x7ff942334708,0x7ff942334718
                2⤵
                  PID:1648
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
                  2⤵
                    PID:4472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
                    2⤵
                    • Downloads MZ/PE file
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2104
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
                    2⤵
                      PID:228
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                      2⤵
                        PID:4392
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
                        2⤵
                          PID:3172
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
                          2⤵
                            PID:3516
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                            2⤵
                              PID:1992
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                              2⤵
                                PID:4780
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3468
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                                2⤵
                                  PID:4000
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                                  2⤵
                                    PID:4340
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                                    2⤵
                                      PID:532
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                                      2⤵
                                        PID:2676
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                                        2⤵
                                          PID:4804
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                          2⤵
                                            PID:1400
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                                            2⤵
                                              PID:2608
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
                                              2⤵
                                                PID:3912
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                                2⤵
                                                  PID:3052
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
                                                  2⤵
                                                    PID:4840
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
                                                    2⤵
                                                      PID:3192
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
                                                      2⤵
                                                        PID:3964
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5044
                                                      • C:\Users\Admin\Downloads\Sasser.B.exe
                                                        "C:\Users\Admin\Downloads\Sasser.B.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2892
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
                                                          3⤵
                                                          • Program crash
                                                          PID:2824
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                                        2⤵
                                                          PID:4132
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                                          2⤵
                                                            PID:3064
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 /prefetch:8
                                                            2⤵
                                                              PID:2160
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 /prefetch:8
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2912
                                                            • C:\Users\Admin\Downloads\Blaster.A.exe
                                                              "C:\Users\Admin\Downloads\Blaster.A.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Adds Run key to start application
                                                              • System Location Discovery: System Language Discovery
                                                              PID:1604
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:4584
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
                                                              2⤵
                                                                PID:5004
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                                                                2⤵
                                                                  PID:1696
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5380 /prefetch:8
                                                                  2⤵
                                                                    PID:4972
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2756
                                                                  • C:\Users\Admin\Downloads\Cerber5.exe
                                                                    "C:\Users\Admin\Downloads\Cerber5.exe"
                                                                    2⤵
                                                                    • Checks computer location settings
                                                                    • Drops startup file
                                                                    • Executes dropped EXE
                                                                    • Enumerates connected drives
                                                                    • Drops file in System32 directory
                                                                    • Sets desktop wallpaper using registry
                                                                    • Drops file in Windows directory
                                                                    • System Location Discovery: System Language Discovery
                                                                    • Modifies registry class
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:2512
                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                      C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                                                      3⤵
                                                                      • Modifies Windows Firewall
                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:4232
                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                      C:\Windows\system32\netsh.exe advfirewall reset
                                                                      3⤵
                                                                      • Modifies Windows Firewall
                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:4280
                                                                    • C:\Windows\SysWOW64\mshta.exe
                                                                      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___QTPIN4WW_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:4608
                                                                    • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___F60D_.txt
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Opens file in notepad (likely ransom note)
                                                                      PID:1468
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      "C:\Windows\system32\cmd.exe" /d /c taskkill /f /im "C" > NUL & ping -n 1 127.0.0.1 > NUL & del "C" > NUL && exit
                                                                      3⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                                      PID:3740
                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                        taskkill /f /im "C"
                                                                        4⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Kills process with taskkill
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:880
                                                                      • C:\Windows\SysWOW64\PING.EXE
                                                                        ping -n 1 127.0.0.1
                                                                        4⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                        • Runs ping.exe
                                                                        PID:2556
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
                                                                    2⤵
                                                                      PID:5012
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                                                                      2⤵
                                                                        PID:2500
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 /prefetch:8
                                                                        2⤵
                                                                          PID:3624
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2960
                                                                        • C:\Users\Admin\Downloads\GandCrab.exe
                                                                          "C:\Users\Admin\Downloads\GandCrab.exe"
                                                                          2⤵
                                                                          • Checks computer location settings
                                                                          • Drops startup file
                                                                          • Executes dropped EXE
                                                                          • Enumerates connected drives
                                                                          • Sets desktop wallpaper using registry
                                                                          • Drops file in Program Files directory
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Checks processor information in registry
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:3236
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            "C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all /quiet
                                                                            3⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:5044
                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 1672
                                                                            3⤵
                                                                            • Program crash
                                                                            PID:4440
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
                                                                          2⤵
                                                                            PID:4576
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                                                                            2⤵
                                                                              PID:2308
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 /prefetch:8
                                                                              2⤵
                                                                                PID:3248
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:2112
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
                                                                                2⤵
                                                                                  PID:3740
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
                                                                                  2⤵
                                                                                    PID:4416
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 /prefetch:8
                                                                                    2⤵
                                                                                      PID:1192
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
                                                                                      2⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:3572
                                                                                    • C:\Users\Admin\Downloads\Rensenware.exe
                                                                                      "C:\Users\Admin\Downloads\Rensenware.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:2168
                                                                                      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
                                                                                        dw20.exe -x -s 844
                                                                                        3⤵
                                                                                        • Checks processor information in registry
                                                                                        • Enumerates system info in registry
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:2848
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5076
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
                                                                                        2⤵
                                                                                          PID:4232
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4308 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4732
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,16355333567366410530,9015073149495661691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
                                                                                            2⤵
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3064
                                                                                          • C:\Users\Admin\Downloads\WannaCry.exe
                                                                                            "C:\Users\Admin\Downloads\WannaCry.exe"
                                                                                            2⤵
                                                                                            • Drops startup file
                                                                                            • Executes dropped EXE
                                                                                            • Adds Run key to start application
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:3192
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /c 21561739431252.bat
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              PID:1308
                                                                                              • C:\Windows\SysWOW64\cscript.exe
                                                                                                cscript //nologo c.vbs
                                                                                                4⤵
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                PID:2624
                                                                                            • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                              !WannaDecryptor!.exe f
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:3604
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              taskkill /f /im MSExchange*
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:4444
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              taskkill /f /im Microsoft.Exchange.*
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:2220
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              taskkill /f /im sqlserver.exe
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:2752
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              taskkill /f /im sqlwriter.exe
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:4616
                                                                                            • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                              !WannaDecryptor!.exe c
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:1132
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd.exe /c start /b !WannaDecryptor!.exe v
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              PID:3248
                                                                                              • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                                !WannaDecryptor!.exe v
                                                                                                4⤵
                                                                                                • Executes dropped EXE
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:2416
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                  5⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:2308
                                                                                                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                    wmic shadowcopy delete
                                                                                                    6⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1544
                                                                                            • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                              !WannaDecryptor!.exe
                                                                                              3⤵
                                                                                              • Executes dropped EXE
                                                                                              • Sets desktop wallpaper using registry
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:388
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:1220
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:3808
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2892 -ip 2892
                                                                                              1⤵
                                                                                                PID:3912
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\MicrosoftEdge_X64_133.0.3065.59.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                1⤵
                                                                                                  PID:1136
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                    2⤵
                                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                                    • Executes dropped EXE
                                                                                                    • Installs/modifies Browser Helper Object
                                                                                                    • Drops file in Program Files directory
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    • System policy modification
                                                                                                    PID:4872
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff700586a68,0x7ff700586a74,0x7ff700586a80
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2336
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in System32 directory
                                                                                                      • Drops file in Program Files directory
                                                                                                      • Modifies data under HKEY_USERS
                                                                                                      PID:1076
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff700586a68,0x7ff700586a74,0x7ff700586a80
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:872
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1424
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7b6006a68,0x7ff7b6006a74,0x7ff7b6006a80
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Drops file in Program Files directory
                                                                                                        PID:1900
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in Program Files directory
                                                                                                      PID:1508
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7b6006a68,0x7ff7b6006a74,0x7ff7b6006a80
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:3764
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                  1⤵
                                                                                                    PID:1788
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\setup.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in Program Files directory
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1472
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff705c16a68,0x7ff705c16a74,0x7ff705c16a80
                                                                                                        3⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:1268
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Installer\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging
                                                                                                        3⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Adds Run key to start application
                                                                                                        PID:2600
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Installer\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7b6006a68,0x7ff7b6006a74,0x7ff7b6006a80
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          PID:832
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODE4MkY4NjAtQ0YwMC00NkUyLUFGRTMtQjQ3QzMwQjhEMkVCfSIgdXNlcmlkPSJ7MTNENjU5NTEtRUY2Mi00QkQ4LTk3NTgtM0RENEQ1MzVCNTg3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntEREIyRjFGMi0yOTA0LTQ4OEMtOUMxQi0wNjlCRTA5MzY5RUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS40MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGNvaG9ydD0icnJmQDAuNDIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iNiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MTI4OTUwM0YtNUM5MS00RjlFLTlFODUtNkFDMDcyQzQwMjc4fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEzMy4wLjMwNjUuNTkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzgzNDI0NzQ0NzQzMTAxMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTExOTk0ODc5NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTIwMTA0ODQ0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzI3MDQxMjMyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZmVkNTU4MDUtMmU4NS00MWQ4LWI0ZTMtNGVmNmI1ZWJmNjNhP1AxPTE3NDAwMzUwMTImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SXg1aEJJVzU0SyUyZlFhbTFMczhIOVE2UlZJNm42bFg4SE5RenNzYU1reHluNTVyRXZHQXRkT05hWmtPZiUyZnFRWlByV0l6NlBSN0klMmZsOXBCaklOJTJmQSUyZnVRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDMwOTI2ODciIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMjcwNjEyMTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2ZlZDU1ODA1LTJlODUtNDFkOC1iNGUzLTRlZjZiNWViZjYzYT9QMT0xNzQwMDM1MDEyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUl4NWhCSVc1NEslMmZRYW0xTHM4SDlRNlJWSTZuNmxYOEhOUXpzc2FNa3h5bjU1ckV2R0F0ZE9OYVprT2YlMmZxUVpQcldJejZQUjdJJTJmbDlwQmpJTiUyZkElMmZ1USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjU3MzY0MjE4IiB0b3RhbD0iMTc4NjA0MDg4IiBkb3dubG9hZF90aW1lX21zPSIzMDAwMTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMyNzA3MTIyMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0id2luaHR0cCIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZmVkNTU4MDUtMmU4NS00MWQ4LWI0ZTMtNGVmNmI1ZWJmNjNhP1AxPTE3NDAwMzUwMTImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SXg1aEJJVzU0SyUyZlFhbTFMczhIOVE2UlZJNm42bFg4SE5RenNzYU1reHluNTVyRXZHQXRkT05hWmtPZiUyZnFRWlByV0l6NlBSN0klMmZsOXBCaklOJTJmQSUyZnVRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iMTA0LjkxLjcxLjEzMiIgY2RuX2NpZD0iMiIgY2RuX2NjYz0iR0IiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzg2MDQwODgiIHRvdGFsPSIxNzg2MDQwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE0NTE4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMjcxNjExOTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODM0MDUxMjAzMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODk1MzY1Mzc2MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5NjgiIGRvd25sb2FkX3RpbWVfbXM9IjMyMDcwNiIgZG93bmxvYWRlZD0iMTc4NjA0MDg4IiB0b3RhbD0iMTc4NjA0MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTMxMiIvPjxwaW5nIGFjdGl2ZT0iMSIgYT0iNiIgcj0iNiIgYWQ9IjY2MTIiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezYwQzc1QUU4LURGREEtNEYxQS04Q0Q3LTYxMDYyOTdGMjZEQ30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMyLjAuMjk1Ny4xNDAiIG5leHR2ZXJzaW9uPSIxMzMuMC4zMDY1LjU5IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjUiIGluc3RhbGxkYXRlPSI2NjA4IiBjb2hvcnQ9InJyZkAwLjE0IiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODM5MDM3ODU5OTQ0NTAwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTE5OTQ4Nzk0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg5NTM2ODM3NDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDQ5ODMxMzM4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYTQ3MmVjZWMtYWU2OS00NDllLWI3YTItNGU4NmRmZWU1OGE5P1AxPTE3NDAwMzUwMTImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZEdtSlpLV2VGRGlabWIwRWYlMmJ3d0Z1JTJiYnpDVXBEMTU4OW9nQ1c1Um9NZ25pZlNNU1RUZ29CcG1GYkUlMmZCNWI5VE5ZNzA3ZEtGJTJiZk1DdnE0YU83SDh3dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDQ5ODUxNDU4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hNDcyZWNlYy1hZTY5LTQ0OWUtYjdhMi00ZTg2ZGZlZTU4YTk_UDE9MTc0MDAzNTAxMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1kR21KWktXZUZEaVptYjBFZiUyYnd3RnUlMmJiekNVcEQxNTg5b2dDVzVSb01nbmlmU01TVFRnb0JwbUZiRSUyZkI1YjlUTlk3MDdkS0YlMmJmTUN2cTRhTzdIOHd3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iNTg0OTgxMjgiIHRvdGFsPSI1ODQ5ODEyOCIgZG93bmxvYWRfdGltZV9tcz0iMTA5MDA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDQ5ODkxMzU2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDU3ODIxMzAzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDU2Mzc0NjEzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5NjgiIGRvd25sb2FkX3RpbWVfbXM9IjEwOTYxNyIgZG93bmxvYWRlZD0iNTg0OTgxMjgiIHRvdGFsPSI1ODQ5ODEyOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTA1ODkiLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI2IiBhZD0iLTEiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezNEM0I4NzYxLUM1MDYtNEQyMC1CNDU5LTY2MzdCRTAwNjgyM30iLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                    1⤵
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                    PID:1484
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3236 -ip 3236
                                                                                                    1⤵
                                                                                                      PID:1632
                                                                                                    • C:\Windows\system32\vssvc.exe
                                                                                                      C:\Windows\system32\vssvc.exe
                                                                                                      1⤵
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1476
                                                                                                    • C:\Users\Admin\Downloads\Rensenware.exe
                                                                                                      "C:\Users\Admin\Downloads\Rensenware.exe"
                                                                                                      1⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2072
                                                                                                      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
                                                                                                        dw20.exe -x -s 836
                                                                                                        2⤵
                                                                                                        • Checks processor information in registry
                                                                                                        • Enumerates system info in registry
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:2416
                                                                                                    • C:\Users\Admin\Downloads\Rensenware.exe
                                                                                                      "C:\Users\Admin\Downloads\Rensenware.exe"
                                                                                                      1⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4692
                                                                                                      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
                                                                                                        dw20.exe -x -s 820
                                                                                                        2⤵
                                                                                                        • Checks processor information in registry
                                                                                                        • Enumerates system info in registry
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:2520

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Reconnaissance

                                                                                                    Resource Development

                                                                                                    Initial Access

                                                                                                    Execution

                                                                                                    Windows Management Instrumentation

                                                                                                    1
                                                                                                    T1047

                                                                                                    Persistence

                                                                                                    Boot or Logon Autostart Execution

                                                                                                    2
                                                                                                    T1547

                                                                                                    Active Setup

                                                                                                    1
                                                                                                    T1547.014

                                                                                                    Registry Run Keys / Startup Folder

                                                                                                    1
                                                                                                    T1547.001

                                                                                                    Browser Extensions

                                                                                                    1
                                                                                                    T1176

                                                                                                    Create or Modify System Process

                                                                                                    1
                                                                                                    T1543

                                                                                                    Windows Service

                                                                                                    1
                                                                                                    T1543.003

                                                                                                    Event Triggered Execution

                                                                                                    2
                                                                                                    T1546

                                                                                                    Component Object Model Hijacking

                                                                                                    1
                                                                                                    T1546.015

                                                                                                    Netsh Helper DLL

                                                                                                    1
                                                                                                    T1546.007

                                                                                                    Privilege Escalation

                                                                                                    Boot or Logon Autostart Execution

                                                                                                    2
                                                                                                    T1547

                                                                                                    Active Setup

                                                                                                    1
                                                                                                    T1547.014

                                                                                                    Registry Run Keys / Startup Folder

                                                                                                    1
                                                                                                    T1547.001

                                                                                                    Create or Modify System Process

                                                                                                    1
                                                                                                    T1543

                                                                                                    Windows Service

                                                                                                    1
                                                                                                    T1543.003

                                                                                                    Event Triggered Execution

                                                                                                    2
                                                                                                    T1546

                                                                                                    Component Object Model Hijacking

                                                                                                    1
                                                                                                    T1546.015

                                                                                                    Netsh Helper DLL

                                                                                                    1
                                                                                                    T1546.007

                                                                                                    Defense Evasion

                                                                                                    Impair Defenses

                                                                                                    1
                                                                                                    T1562

                                                                                                    Disable or Modify System Firewall

                                                                                                    1
                                                                                                    T1562.004

                                                                                                    Indicator Removal

                                                                                                    1
                                                                                                    T1070

                                                                                                    File Deletion

                                                                                                    1
                                                                                                    T1070.004

                                                                                                    Modify Registry

                                                                                                    6
                                                                                                    T1112

                                                                                                    Credential Access

                                                                                                    Credentials from Password Stores

                                                                                                    2
                                                                                                    T1555

                                                                                                    Credentials from Web Browsers

                                                                                                    1
                                                                                                    T1555.003

                                                                                                    Windows Credential Manager

                                                                                                    1
                                                                                                    T1555.004

                                                                                                    Unsecured Credentials

                                                                                                    1
                                                                                                    T1552

                                                                                                    Credentials In Files

                                                                                                    1
                                                                                                    T1552.001

                                                                                                    Discovery

                                                                                                    Browser Information Discovery

                                                                                                    1
                                                                                                    T1217

                                                                                                    Network Service Discovery

                                                                                                    2
                                                                                                    T1046

                                                                                                    Network Share Discovery

                                                                                                    1
                                                                                                    T1135

                                                                                                    Peripheral Device Discovery

                                                                                                    1
                                                                                                    T1120

                                                                                                    Query Registry

                                                                                                    6
                                                                                                    T1012

                                                                                                    Remote System Discovery

                                                                                                    1
                                                                                                    T1018

                                                                                                    System Information Discovery

                                                                                                    6
                                                                                                    T1082

                                                                                                    System Location Discovery

                                                                                                    1
                                                                                                    T1614

                                                                                                    System Language Discovery

                                                                                                    1
                                                                                                    T1614.001

                                                                                                    System Network Configuration Discovery

                                                                                                    1
                                                                                                    T1016

                                                                                                    Internet Connection Discovery

                                                                                                    1
                                                                                                    T1016.001

                                                                                                    Lateral Movement

                                                                                                    Collection

                                                                                                    Data from Local System

                                                                                                    1
                                                                                                    T1005

                                                                                                    Command and Control

                                                                                                    Web Service

                                                                                                    1
                                                                                                    T1102

                                                                                                    Exfiltration

                                                                                                    Impact

                                                                                                    Defacement

                                                                                                    1
                                                                                                    T1491

                                                                                                    Inhibit System Recovery

                                                                                                    1
                                                                                                    T1490

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Installer\msedge_7z.data
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      a43e9ce8d33ed6eb2b8f5133450d64dd

                                                                                                      SHA1

                                                                                                      f2b9a2eab4b80d7bef0a6e076423993b77f66332

                                                                                                      SHA256

                                                                                                      39bace95aa685a42bb379404c0e4f2a11254a7d5ab9a9b5551d311d1dbc05bb6

                                                                                                      SHA512

                                                                                                      9db1c9de9521cd7bd4af5062693d3557ab196fd552bb6000c1d4266426127c9c7c6eada263e90f99bf941fb1c863d10463940e164a03e0742ee070a35fbcdf6e

                                                                                                      Download Submit

                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0C675AC7-61A2-4E4A-9281-7FB7CE0E5F73}\EDGEMITMP_D4C40.tmp\SETUP.EX_
                                                                                                      Filesize

                                                                                                      2.7MB

                                                                                                      MD5

                                                                                                      1a59a8af3c58b30ff0fe71db2196b24b

                                                                                                      SHA1

                                                                                                      6b0e5ba36f4fc5328ec494272054a50cafa13e68

                                                                                                      SHA256

                                                                                                      ba25974b29a25cb7bc1f58a0990a8ce758354aa6ec5b8b8af210f2c1466ba49d

                                                                                                      SHA512

                                                                                                      f173fe15db8d7aeef4f6fa62a41246550ccee207e6388095a5f87036362d4c95da646e1a7c68764054556e024da80b749646425076e9bfac42fb77be8f2c0355

                                                                                                      Download Submit

                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5FE35D7A-CCBD-42E8-A5A2-DBFFBD8E74A5}\EDGEMITMP_E612D.tmp\setup.exe
                                                                                                      Filesize

                                                                                                      6.8MB

                                                                                                      MD5

                                                                                                      1b3e9c59f9c7a134ec630ada1eb76a39

                                                                                                      SHA1

                                                                                                      a7e831d392e99f3d37847dcc561dd2e017065439

                                                                                                      SHA256

                                                                                                      ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae

                                                                                                      SHA512

                                                                                                      c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\Bloxshade\setup.exe
                                                                                                      Filesize

                                                                                                      6.6MB

                                                                                                      MD5

                                                                                                      32aed8eba58209c27bbe51b5ddd10894

                                                                                                      SHA1

                                                                                                      37c248f55117195c700788a52fdd6acddfaeb3c8

                                                                                                      SHA256

                                                                                                      343c8f7d74ddbbd2d8c62d991128ce076d56c663b175e7b307b2f6e04c26814b

                                                                                                      SHA512

                                                                                                      c88541952bd2ce3b39359d892b45b845c2092e469ad1087d038598563ec359794407625b9955b9d2092c988b76e82e9a42812d43fee0cc14c6d432b0497d7f34

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\msedge_installer.log
                                                                                                      Filesize

                                                                                                      71KB

                                                                                                      MD5

                                                                                                      6d336d26e35b4bddc303ead0db442cdb

                                                                                                      SHA1

                                                                                                      64d74b3f94a44b43c9f2d471df7a57f302a28722

                                                                                                      SHA256

                                                                                                      4399b3b88b4ff0ce82b69b64c8af4ab291a04cd2ba9cb6e0bca111f36448f2e7

                                                                                                      SHA512

                                                                                                      b05604942564c1ab98d0bb96a62b54c34cbbd39dbda275373950d1821def6a5fbafd29e68d9328423ffbf7ca33c1f46169879dab1931781476c4f2508766798d

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\msedge_installer.log
                                                                                                      Filesize

                                                                                                      97KB

                                                                                                      MD5

                                                                                                      81add6edd505a8d6f66793470ed2b059

                                                                                                      SHA1

                                                                                                      47eb1aa7da63dc3ee7ca04b2bf80ee41a3691fb9

                                                                                                      SHA256

                                                                                                      b27e6ee0b24eb357592633005ada52fe5e6e5f8c645439a839f7585b77973f23

                                                                                                      SHA512

                                                                                                      34c87ca5c78c5dde9ec299e22981c1c41dd244d4c982f6a19ba7b7416ef7f924d748fd6b62c90f468a09754be411b9a44a5f8bd55e05307cb3642cefdc35556a

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\msedge_installer.log
                                                                                                      Filesize

                                                                                                      102KB

                                                                                                      MD5

                                                                                                      7ed9e325aac6a1f1f903bd4d60e29654

                                                                                                      SHA1

                                                                                                      26986c57a795d003c46758055c2a9a161c566d6e

                                                                                                      SHA256

                                                                                                      91a796a46971c89c3ef95eaca5c5fa49d72227c5a207a534cc3ac5bef18de8f1

                                                                                                      SHA512

                                                                                                      20d92560b5b1fce5838f1f15fd47351fabc6a43408a913b3763e8ad88137d5fede796133d513d329944ef651c854281f9cc949acc92aae7a41c6d8356e6dfe0b

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\msedge_installer.log
                                                                                                      Filesize

                                                                                                      104KB

                                                                                                      MD5

                                                                                                      2cb0cbdf04786cdf3ee6b12335b11425

                                                                                                      SHA1

                                                                                                      d2ebf90ee62046616faafb5c44435f20ea0af8e8

                                                                                                      SHA256

                                                                                                      af8715254771b07bb4710baeee1dfc4c0f2a71485722f615bdd7acd3d1823b9e

                                                                                                      SHA512

                                                                                                      1523c9ff5da2c5bad993b1de7e8a4675b10d24db2241509b8a3d96424716bc5fed4b537d6ea5da5b48320c3045d0a32354cc10d8fbfa550350230b6f87c3c794

                                                                                                      Download Submit

                                                                                                    • C:\Program Files\msedge_installer.log
                                                                                                      Filesize

                                                                                                      120KB

                                                                                                      MD5

                                                                                                      ab66d23082386ffb5b05a3167aadb760

                                                                                                      SHA1

                                                                                                      4b07d90d12c59f9a67ab1e3076e03e3822164778

                                                                                                      SHA256

                                                                                                      e8eab4ead8c3125c7cfb80876ffb6718528fc700bd386ecd9a480577340badf4

                                                                                                      SHA512

                                                                                                      528379ae58d2bf8a207517929273c6f738e52d6e5eecf5288f8f0228fca8ac78e06b29845e805e1bc6fda84f14bfa84090f0686b97d1e703751eebf0dd6b80f3

                                                                                                      Download Submit

                                                                                                    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                                      Filesize

                                                                                                      949KB

                                                                                                      MD5

                                                                                                      eef7358eb1ebd75db9e4e332d71acaca

                                                                                                      SHA1

                                                                                                      cd89907b67023799ff07c96d688982a780f48f25

                                                                                                      SHA256

                                                                                                      6fd3a31f1d11ce078f8abab17f22dc42a7f4c1d5bbd88b9f275810f1821d81d4

                                                                                                      SHA512

                                                                                                      4f52689eaca67c6d9834ac7538922bc24f2af36431a30584ed25920e63cd281251227a9bb97ca3a48e294fff8b95bd4019fa40e4176113fa24fccd0d49ccf4eb

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      448b7c8c3b3464847b28d8a3d56186b3

                                                                                                      SHA1

                                                                                                      8d68fb17d1185229fbb11c83e3e1302c2241e80b

                                                                                                      SHA256

                                                                                                      5ac4fe094bdd264cdd05031eaa7b06b94cda44d134c9c1f719a82ad0e258cd05

                                                                                                      SHA512

                                                                                                      eac10e9de38a513b2acc73f695be5e037ffe54d8cde3c5fb032122822de1df5f895b7924a3ab0a05aa644a6a9f4ee6f45f3452ad15dc242eb199d74ccdc532aa

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                      Filesize

                                                                                                      152B

                                                                                                      MD5

                                                                                                      729bed0edd331ffcfd597470f90f3e66

                                                                                                      SHA1

                                                                                                      a6ff8c58f693fcd9ca68887dfa10c7db29571f1b

                                                                                                      SHA256

                                                                                                      1e19cfa75b8d279d6295258451a6e2e8fde33c529050e8975ad77d38eb901b88

                                                                                                      SHA512

                                                                                                      dc697b5b083d69b98aa75a6ffe402430231ac1bbb2b313218e77937bd1571171859b3532a4b441bb674f591568050a45e3d3a19a97d4dff73dae70e15f8e34be

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      675000dac22e31a70e9a14774aebe500

                                                                                                      SHA1

                                                                                                      edfca5093e1cf1cfa7f3ac2ecd72dc1f4c8639c7

                                                                                                      SHA256

                                                                                                      a8224ae3fb5960e24e88016654c49f21d00af01f62ebb71a05934e46a1e3758b

                                                                                                      SHA512

                                                                                                      565b2e65dd7990295312e60e14d5dc4e845411dd1a06d7b3b7f8cf60250cb26593814da8899865f625af6c42537809e6615bd9d514ed972244133f147faa0582

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                      Filesize

                                                                                                      111B

                                                                                                      MD5

                                                                                                      285252a2f6327d41eab203dc2f402c67

                                                                                                      SHA1

                                                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                      SHA256

                                                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                      SHA512

                                                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                      Filesize

                                                                                                      871B

                                                                                                      MD5

                                                                                                      2fe3c405fa6de113e19f169745d8b44f

                                                                                                      SHA1

                                                                                                      2811177a13e6d73795b4a7c6ed6e07c9d7728934

                                                                                                      SHA256

                                                                                                      a28c9e70ff1da0c3281122fabda9fcba12dd30083db755e53aeffc1b375917a0

                                                                                                      SHA512

                                                                                                      15baeeec76b077b3c39cc1b9d40b238bf570d5626e4e8de359754809f5ab248f957427c0b8206619054a5d4ebb1751da9928ccfeac6384e094a61e0923210615

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                      Filesize

                                                                                                      111B

                                                                                                      MD5

                                                                                                      807419ca9a4734feaf8d8563a003b048

                                                                                                      SHA1

                                                                                                      a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                                      SHA256

                                                                                                      aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                                      SHA512

                                                                                                      f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                      Filesize

                                                                                                      788B

                                                                                                      MD5

                                                                                                      049d4399bdc95940dbd06338fc14b09c

                                                                                                      SHA1

                                                                                                      29aff3e03f5d9bbb3b8fd421598204aa5ba68b06

                                                                                                      SHA256

                                                                                                      4f6331ae82f1f8507819ee54765740cd862dc2f3db90d6ec30b20e3439ab9e97

                                                                                                      SHA512

                                                                                                      51c361a11f51cd2b6ed4dcddcf4e591715b59fc96ac320716ab38394cb96d778856650344b414b8b3d93d3bae633410eb238abcb6e18d7fdc1aeac651893db6b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      236264e051e68a6a339e4c8a9e5eb2fe

                                                                                                      SHA1

                                                                                                      8d82519631529580856878239552252951e481fc

                                                                                                      SHA256

                                                                                                      ff776dd76b72ca5e33f8b9ca96ade8ca30c4b5e0e31bdad45851e104c8b2c6e2

                                                                                                      SHA512

                                                                                                      acc96ee8520ccb18e35318f62a035f5cb9908b8a6279df3136b86276b0df1a9b58299c83f804fe92d761156f27d8114dc6d8e024e5acff288577ab90b40d876f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      6e0c3f5102d797ebd3734ddd8be705e7

                                                                                                      SHA1

                                                                                                      371e596424d3e14328d1f11fb2c450fc296345e4

                                                                                                      SHA256

                                                                                                      9f5d8d4b73461587ed4868255d25d15abc35b143dd3365c2aa686f3c8ab9453d

                                                                                                      SHA512

                                                                                                      35c219fd3429a4df986f00d09e46f83832cb846a7ae8201ae03068c29c423c58f7dbaa618c9a66620751813583f97333a2f08be598f54d299470b680110f8f7b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      cc73be2f14f226cfb1de874227e68112

                                                                                                      SHA1

                                                                                                      d3a111dd417602a633a10a1b57b5214076a7665d

                                                                                                      SHA256

                                                                                                      84e245d4e2a346134a015db962851311c0b3839768453cfe41dc6ba59d0523d0

                                                                                                      SHA512

                                                                                                      e599a79adef3adf1c365da5e34b9aed3a419ebe8c1ac21d9e0f984da756d4b4823f8142055de878cd5f8e10eff41b8ef49b24549c6960ab581310458555ed1c9

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      0a3cfc2f1c9ea97783a2eba20d8bd6e3

                                                                                                      SHA1

                                                                                                      f413959bc4c09f024b4f095c04f71566ca5039e1

                                                                                                      SHA256

                                                                                                      51a02e6ef62d4c6053034226986c52285da7dd92954a04bf8675943a745c57f4

                                                                                                      SHA512

                                                                                                      7c2642f31f7b0a5f47ed2cde57c9897fbcb600972a2e34ac7220509045e50db54a3e301195eff67a364cfaf78fa89d906ac677447eaaeb0e548154cf05004006

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      815f1d83da6ac9a019db1e11acea2a1d

                                                                                                      SHA1

                                                                                                      2eb178de7b0a0c371573fd694afb6b8b3cb599f6

                                                                                                      SHA256

                                                                                                      625f1dda9d68917cf15e2e73043755927d9bc70f93900b80a4cd410683055e7e

                                                                                                      SHA512

                                                                                                      0b32b4a60bcb5733a05e7359c18cac90709edf38052729cd37245fcd2f57ec1af078cedf6c24bf2fbe7140aa18b6cc4dfb11316f1dc4949570b8022f42f833ca

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      25b198ba7cb6d797662a74d9917589d2

                                                                                                      SHA1

                                                                                                      0e8e6828501da18494e7b0b8bf7929f872bdd85c

                                                                                                      SHA256

                                                                                                      fb8bf689ec1279009ba1876b5e47226e83f7ea3ba5e7ab3453128eaf1beedca4

                                                                                                      SHA512

                                                                                                      ee377dc7e238e9802def2aac6ea727d19bf7c6503342921177835fd4f4920ccac521eb5da6613802f15103b41392f5b359ffaccc4a923ed2b2ee57695aec1f32

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      e64c10760c8923107763b79d8de64f47

                                                                                                      SHA1

                                                                                                      7fb1253f2d6e9b31d81bc6e0bf43022ef7e49229

                                                                                                      SHA256

                                                                                                      2b23b038ef155b707169824111c5afec5eb9a64a4f51b84ac434841bdd2d0009

                                                                                                      SHA512

                                                                                                      713a85e3e7bf20fa0a4d81c4e533d1c71eb433f0be990d54a5c1d830a05060943c64b4c8b89ea8bf6a3e9f60ad3212ab10e55ffe7acbde141a643317af284b37

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      5077025437fbe6147847e477c9049a83

                                                                                                      SHA1

                                                                                                      89df088899cd435d1fd465812dfc866f7ecb0d94

                                                                                                      SHA256

                                                                                                      f1007cef3dc3c08ee2df3abe7bebaa3ae1ebdefa136870556f61204752f359b5

                                                                                                      SHA512

                                                                                                      a75e779b45c58935221a7f0d1e4de51a7fc00a0eada1ed2c2658dd22a63f132cec5633bb5f66b910f9c79a99015d90008a4b85786df7a98a59bb76249f367bd3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      82d29089126a6c864092712caab74e18

                                                                                                      SHA1

                                                                                                      df195439b776785259f7b14f15b31ef724156765

                                                                                                      SHA256

                                                                                                      0088114e8ee4892532cb0270a472772cb66dfadbeeaf6a831e92b638250b2b6a

                                                                                                      SHA512

                                                                                                      dfcea15769a5607d8956c3f11824aa3b168e42f8f6a68f0eabf06eaf6fa2533b8e86f9c4b05d7ca8c61ba7a74e550bfab1777354089329bf27f397cfb1b7206a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      ca05736f48b78b37341de371be746419

                                                                                                      SHA1

                                                                                                      dcaa4c6f04db066c8ab74231266500db15489f9a

                                                                                                      SHA256

                                                                                                      72e716300162c0f490746457e4c5a2421cb70534dff081a4e9795e6fdb05fad8

                                                                                                      SHA512

                                                                                                      cec77b8fa4a4a967f3d47c5f48f02b720e6b72688e8335c01253f1841a7e347c3e566ab5512fa6cf969474747193c51bf73ab064f320abb3290d58e90bf7797c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      f2c3f0ca5fb01dbb3b228a56ec004c00

                                                                                                      SHA1

                                                                                                      35deeae8dcc1929eedbaa35e34d8ad3d84040392

                                                                                                      SHA256

                                                                                                      81caeccb4627d5dfebc85225978f55d9d1c9bff89c80a079748c218cda38f6e0

                                                                                                      SHA512

                                                                                                      5f58ad1ab3419aea8ec05c41fc073997fb56cc20207077091eb1b5263cb28b678c8cebe9460cc0d2d263e402e3c24317e7b279200810658847a64c7208131528

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      6dac2fdd742a3a3acfdde692f0ab4263

                                                                                                      SHA1

                                                                                                      d25c5c2beb66aa3d6146f73804ad11b57d8c7408

                                                                                                      SHA256

                                                                                                      03be27abc74567c8b9085d21991267a60fc208d8334bee05dd78c4ae905645e6

                                                                                                      SHA512

                                                                                                      37b494590a79709644a56dc6f86f9c245f20b781eedaee7fd1b2cedf5f4041f571e3fa931393dd3b148d350b05a1d05b8f093b35e128e2af98d2024e3ef39bf6

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      8babc569ee3f8dd9b0686c49d95c46e9

                                                                                                      SHA1

                                                                                                      31552eb5a14e0f990f5aec3c958ce86d0230579e

                                                                                                      SHA256

                                                                                                      f1a5835aeb433258343ce4cbf329445db16fff8acc9a68b208d0069a40cc8f47

                                                                                                      SHA512

                                                                                                      932cfbff6471768e3a228146464e4be47925c0f2e1b9a8a4b156d0c3ef73c860a7d136d5b74804a05f2b7889abf67675ed169c6a2f2426e9f6848e21fb1d3291

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      1f06bfeedc721c22de9f61d70b9bc189

                                                                                                      SHA1

                                                                                                      d54e521bb6bd619fdb51fa4d1dc559c46b8d2393

                                                                                                      SHA256

                                                                                                      a32788d12e8a61126861df6d3e81a54ae895abec64c55702e1fa57b02e8420ab

                                                                                                      SHA512

                                                                                                      fc0325bc682d75a351d81a94e95880c9fd852e61f417f987638d504e1034e61b2add591d5bd92fc6748abb2b213fc3785c5ba3f1cd7997b125de974b16609004

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      4a00bdee27b50226d605747e9cfce469

                                                                                                      SHA1

                                                                                                      0912836c9bd7cdbfc65cb1a5b641004e875aed7c

                                                                                                      SHA256

                                                                                                      44ea7a714876d553b5e1c5d6b117a0d382c7a12e934a586290396823d2b1ef7c

                                                                                                      SHA512

                                                                                                      bf2c8917d32964e8fc956445318e692cce4aa250e23a089d1f7cb029649c06e238e6dcbc243b59d8a40965306c24df18c110c38ce48ecb836fa998523d3304ee

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      7ffb5643a25e7868f1ba1276e0971164

                                                                                                      SHA1

                                                                                                      9ce2d9f74d30acf17a876aacc846374efd177e90

                                                                                                      SHA256

                                                                                                      80aee6ca27b029dd6f25618c28a79f34dd31a7a43270ca313fef9047ae810bc3

                                                                                                      SHA512

                                                                                                      92eba977a286eb3647661641bfa8aac2c6d24c0248c8b50d92377cc215cc01ea93dd59c759a412c7cfb5cbd21925105ff2b59799f2e0725e109359ed18536c5f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      645488c665a319435ff6e5983f38dede

                                                                                                      SHA1

                                                                                                      183c12a8bdebe9ba09e426d448521b91fe4ad9b5

                                                                                                      SHA256

                                                                                                      af8dc0a6540c70b3341d317f8e99d0d9731ff5d39814ec9f768b8651d678666d

                                                                                                      SHA512

                                                                                                      cf3e0e87ce8dacc7eae78d1d04ea50ea702dc0de2efced0f2185a860d98ec08b435f3832a0d68be69b438c9f3f17b5c24bc5dbb7209b7b6d1559952f0616e70b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      9489716e07fcc13421b680e991e90dc1

                                                                                                      SHA1

                                                                                                      afb0dfcd6edb7ec9c0d0d6bf6d51f27765b37e32

                                                                                                      SHA256

                                                                                                      83e0364a84ed8bf7da1b6765690fe811e7453a4c0217a2211698accd5dd26c2e

                                                                                                      SHA512

                                                                                                      9bbd664c6139a44cacf0971c1974a60af5c8c3c6b338dab72d3d48904ce239d59645de5d6bcabdad7a019bce36059882c57d0a07a48b2a5ec968aa23d503ba7d

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      83f5b96d4edcc73c74fd8583bf08cef3

                                                                                                      SHA1

                                                                                                      cd7b4cccb40c65352a22a87378217424e8da7adf

                                                                                                      SHA256

                                                                                                      3a2130c2296265ef35ba2c6456eaf1036d34d534f17579a403d6fc941ae722c1

                                                                                                      SHA512

                                                                                                      7b126296170d665adbe484303e0b5baa7228ec913bb05dd6e8b909aaf3c093d4719a8e5049c120bc439b13e262eeb2e3ad89d074aff156c50437d5e575db363a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      8d77890b7dfa4f5bc2b06effe6cb81ae

                                                                                                      SHA1

                                                                                                      ed927492e69773c343ef2605dcea6a76f072a161

                                                                                                      SHA256

                                                                                                      ee6c55e2c9f43ce9b4d4ca1b82c24f4eeda88efa667479625b8827b621b96ea2

                                                                                                      SHA512

                                                                                                      d770f12f2badf8056605a9c1d77d6852db71f02eb72f01dc1dae70ac2ad74586f4977f7b33c347dde36a7ca84551e45b8986e8b7050608fba81d82090d54cc59

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      a6139b83bea38c683008ffdd0d7709e3

                                                                                                      SHA1

                                                                                                      793d7686fada899f3ca61952d4e6a3e04c058b6a

                                                                                                      SHA256

                                                                                                      d70248f2d1dd81972659b58887c8ac1a03abe9ee7b9a235adfd8b47fb81cc6b3

                                                                                                      SHA512

                                                                                                      8cd363cc944f196802430f3ae365bcfb38c329863ea59e4b054ccae628b23624246f3e7930eb54b5ee1ca457ad333d0f75ea3205746714984cc212a031e7d22a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c2255.TMP
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      060b088ccd4f7ed41a84000581a0ead3

                                                                                                      SHA1

                                                                                                      5e4f534dc27316a24d4c0d714454352788801b81

                                                                                                      SHA256

                                                                                                      456aed31e171344dabd4a4b3794422f4446ad3acf5e6038e4bc7999bc9532a61

                                                                                                      SHA512

                                                                                                      222f5245117fe3895857b82ab3cf57d3b77e5b1b72c113c866a742d5780e05c0595b966e1f97dcaab3b335d35d4bd79f24d7635d78416cb54fb95ac7f3ff7c51

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                      Filesize

                                                                                                      16B

                                                                                                      MD5

                                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                                      SHA1

                                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                      SHA256

                                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                      SHA512

                                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      177c43583c5d031bf768edba96a3d3f9

                                                                                                      SHA1

                                                                                                      accc7189bf84827d1d7a1d14d84e57ca03d79a19

                                                                                                      SHA256

                                                                                                      84431caee3a6b6585edeb0c83566f6b8e69adece5a0ca976cebff87d47d69448

                                                                                                      SHA512

                                                                                                      6c2cd8f84084f77caf7fdd189ff1aa136db33830750a5997ed8cbb20cc319bb8fc7e33d3db22d8a3495ac4be8784d850c7c43f7f76d0a76e0ed5ad285d2d2093

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      1eb023d3882df8eab2ceb24833c69a06

                                                                                                      SHA1

                                                                                                      3babf2df9b78d2b59c26b3c73cb40b79aa7e0b20

                                                                                                      SHA256

                                                                                                      060e1cd33b15e2a03fcb7156e9cf37eef13dfa969d900ccbdbf5493d904ba99f

                                                                                                      SHA512

                                                                                                      7190afedbd2f6712e12f9a101c1389ab8053d8dff9e7a321828948cec9345863c923a0a20935c6377c98ed19c1951bb3b82cf630e4d4fe6f9af9a0cc90c425df

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      f6fd2341c08ad4ac5b347d9f430f7397

                                                                                                      SHA1

                                                                                                      b22a2ac01036dfb066b11a80607ac5230922303e

                                                                                                      SHA256

                                                                                                      fbebf0755cf0f2e4308233420a233ddb5b615ab7837a6ea98181249168972bf6

                                                                                                      SHA512

                                                                                                      fa8f2e78e240e02e07bc05b5ae14aca3ab6d16f1a910f1cdb81308f42d8f9ad1c8907dd95d57c33fafba42640fa94a32a1e756bf0829a4c513371e6e1b161891

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      e605907fe02dfb6ae298799b3ef35bc4

                                                                                                      SHA1

                                                                                                      2555b26b5190a4041a3defbc446b2d4523363e3b

                                                                                                      SHA256

                                                                                                      6ce7b67fccca9e8170d113fd11929f6e640a4ade0b1c6217136093bf2fa54c8f

                                                                                                      SHA512

                                                                                                      db49d16508bb85826de3979e6ee8df2306f562ee78e8e97e81f72c206c1dbfd1d965b97e5f497f3f6a7207cc5f54c08796660a9e4f624c7f7f96fde637571cfa

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      ae8768038bfe841005ab43c6cac0aa48

                                                                                                      SHA1

                                                                                                      e7e8c956b3df7183bd6c4442cfdc56d0c702eb44

                                                                                                      SHA256

                                                                                                      0de2a53846ddb06ab2c6759d328ed286217dcc458b32102d277e95c5653c7fa2

                                                                                                      SHA512

                                                                                                      fc9217239bf27291a4edd99fb7e333f6886f87f86bd167c1cba4d4d314746532115928685dc94056130a5c678022e9a1ad8243e07fad8e6daf13814f4d16a8e1

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      b0e64f0ae23834391bd48e27d15baf77

                                                                                                      SHA1

                                                                                                      e43b2ce68384d2265e7e2da59eca3f034e704038

                                                                                                      SHA256

                                                                                                      8bddc056bc5a3eeebb8aef28caa942d673e6cb026e775697247c39d840186ddc

                                                                                                      SHA512

                                                                                                      24c3f0d3e3dcd04f2e546bb89752a768c414925cfcd965d85d2047dc92ebd7e99db41e267f0046a5ef2ea597468473da5d74a0031a64eddedc89e7d48144a13c

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      3aacc391c7887fd418117fb3dff1daac

                                                                                                      SHA1

                                                                                                      13d222e5e6515a7bbb37c8f6561a89665f0f8cb5

                                                                                                      SHA256

                                                                                                      afa9bc9dfa3c10ac0f6452835137c25228cdcd46f8c20de953c4fd9ce2ce35ec

                                                                                                      SHA512

                                                                                                      27b769890108c104f79f7a0c4bca244e0d2dcd1c988a8fb5a481a3397f5ac7557403a95ad07d468a7de0c4754f375a5b5fdcee982eff16b38340f83ae361a0db

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___IG8MMF8_.hta
                                                                                                      Filesize

                                                                                                      76KB

                                                                                                      MD5

                                                                                                      0c43634cb524f1153faffac5f4111c41

                                                                                                      SHA1

                                                                                                      cfb3843cde9081457a0bb518469148a3feed6353

                                                                                                      SHA256

                                                                                                      e4bd657a23827a877aa13a2a5b38cd996bd33e0869f796808e813d4f639597b8

                                                                                                      SHA512

                                                                                                      a2611e40f269bb5e197201fcc73f8034e8cfd8ef2257631e0aa7e5d9472e25a26609d9d645f0372dbd51548d678ef49680dae2e37ff46dab21a8453970998dc4

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___ZA96_.txt
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      3ca952f4e5b6950decacba408796ece1

                                                                                                      SHA1

                                                                                                      0769d3f149eac7cd70aec497090a60726c5431b0

                                                                                                      SHA256

                                                                                                      fca16112aa2f5d0eaa12a6a369ce9b02c7e28a57298b3155956b43d461de4743

                                                                                                      SHA512

                                                                                                      e8f20bd7b9b6685f1903426f4b91c927d3b82c744a147b3931870066596491285dbb07c34345214493d66f1ca9f189c78ef5e3957068d2decccd3d1d2f2b5e8f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      39d1cc8595aece537d3dab82cc65a3a4

                                                                                                      SHA1

                                                                                                      773bd5c4104865a6b85e142d3b8307af68ad8a66

                                                                                                      SHA256

                                                                                                      089326902a0504fd01b8732a03bef26eeff58d2c85a25692c3284a330722d129

                                                                                                      SHA512

                                                                                                      70ef873f3eb2227b17813b2acd73ef20aad9756ebbcbe95ef21f0ea93a9746759cb327de699d28e415c69acb4cf1dcb1a041626c92de3047093fa9f78af4ad26

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat
                                                                                                      Filesize

                                                                                                      280B

                                                                                                      MD5

                                                                                                      41536e477797166f2642567767f19a50

                                                                                                      SHA1

                                                                                                      515666cd33c1a25ff0bcd71cf77d5b5238c2521f

                                                                                                      SHA256

                                                                                                      65eaa27218b8d5c5230bbdafbcef789dd8e1b01e6b9fcd0322e55c8cbbd298ac

                                                                                                      SHA512

                                                                                                      a244d7d6730fca05fd36f229f030be7e0d61754322894106fa0864c88dacae55f3abdf8864d439a7da3e0518c460517c3cb8590bd90c73b4da90742a34a3ea2a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\settings.dat
                                                                                                      Filesize

                                                                                                      280B

                                                                                                      MD5

                                                                                                      b0d07cbfe8f9914b0c5efc7b11095e92

                                                                                                      SHA1

                                                                                                      144d7b31c1c699dd2c4c069dcadd1a8c358520f3

                                                                                                      SHA256

                                                                                                      dc4974aaf05c18a707dd0a6a25b277d5df082f5405dca2a3c0d6f39afc099f12

                                                                                                      SHA512

                                                                                                      683953713c46093acd14c5c072b63f841bdbebbf461c4bd97d5943d6a51fda8557bb010a9bd6e86eb2e260cd108eb105635ec83eecf11ec7d64870295568c767

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Crashpad\throttle_store.dat
                                                                                                      Filesize

                                                                                                      20B

                                                                                                      MD5

                                                                                                      9e4e94633b73f4a7680240a0ffd6cd2c

                                                                                                      SHA1

                                                                                                      e68e02453ce22736169a56fdb59043d33668368f

                                                                                                      SHA256

                                                                                                      41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                                                      SHA512

                                                                                                      193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                                                                      Filesize

                                                                                                      48B

                                                                                                      MD5

                                                                                                      e7cbb42c82fad3233a7b7ea99ba9a412

                                                                                                      SHA1

                                                                                                      70201620b21481bb3d6d9a40d56c0b03be42ea28

                                                                                                      SHA256

                                                                                                      a0b66f2c6919815f78f32cfd0bf47c6bcb03b1a7dc163463011054255b88ca64

                                                                                                      SHA512

                                                                                                      8eb9e4610572e1995aceb6ea4bfee3ec9a8cf0f48e46bc9f2070dcd451bd39989d2e4ca752d6f05c8d54297a976d47a02a65c1d47357ff37d3c70a28537cc518

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                                                                      Filesize

                                                                                                      72B

                                                                                                      MD5

                                                                                                      51e30221035b3951b2c41c1d53b4ffdf

                                                                                                      SHA1

                                                                                                      21b3f7859ef9642b87a4fbe5ffe8f2266ed51e7a

                                                                                                      SHA256

                                                                                                      bed893d353a26e6b3e76bda6673a4a27675772bd8d6d77f0a9191cac26610179

                                                                                                      SHA512

                                                                                                      9a65765bed37831f385d5d6be6759b309b11b47b801134f661336982a36f9c4b1daf7e57bc2bc42c36a801733aba0476e2b3c390d75457ada19dd1443edd0ef6

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnWebGPUCache\data_0
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                                                                      SHA1

                                                                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                      SHA256

                                                                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                      SHA512

                                                                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnWebGPUCache\data_1
                                                                                                      Filesize

                                                                                                      264KB

                                                                                                      MD5

                                                                                                      d0d388f3865d0523e451d6ba0be34cc4

                                                                                                      SHA1

                                                                                                      8571c6a52aacc2747c048e3419e5657b74612995

                                                                                                      SHA256

                                                                                                      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                                                                      SHA512

                                                                                                      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnWebGPUCache\data_2
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      0962291d6d367570bee5454721c17e11

                                                                                                      SHA1

                                                                                                      59d10a893ef321a706a9255176761366115bedcb

                                                                                                      SHA256

                                                                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                      SHA512

                                                                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\DawnWebGPUCache\data_3
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      41876349cb12d6db992f1309f22df3f0

                                                                                                      SHA1

                                                                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                      SHA256

                                                                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                      SHA512

                                                                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Extension Rules\MANIFEST-000001
                                                                                                      Filesize

                                                                                                      41B

                                                                                                      MD5

                                                                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                      SHA1

                                                                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                      SHA256

                                                                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                      SHA512

                                                                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State
                                                                                                      Filesize

                                                                                                      806B

                                                                                                      MD5

                                                                                                      e24995b06d746d14a55647b3b7ff44c4

                                                                                                      SHA1

                                                                                                      72bd81373ffcbfd82215a95ed038a5d77d3121fe

                                                                                                      SHA256

                                                                                                      82e71593855bee5106d972443bb26c8b1905afafd8fcd16b2ecf97b75225310e

                                                                                                      SHA512

                                                                                                      747c146a92c426290c133c2dc7c60cbd833bbeeaba76d88044a11f08ed6c0f14eb33946907d1bf021de85096b9e79160734b5bc36af00178962a71b0f66d94e8

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\Network Persistent State~RFe58e569.TMP
                                                                                                      Filesize

                                                                                                      59B

                                                                                                      MD5

                                                                                                      2800881c775077e1c4b6e06bf4676de4

                                                                                                      SHA1

                                                                                                      2873631068c8b3b9495638c865915be822442c8b

                                                                                                      SHA256

                                                                                                      226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                      SHA512

                                                                                                      e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Network\SCT Auditing Pending Reports
                                                                                                      Filesize

                                                                                                      2B

                                                                                                      MD5

                                                                                                      d751713988987e9331980363e24189ce

                                                                                                      SHA1

                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                      SHA256

                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                      SHA512

                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      038f4d04af3a7452d56619321ec2fc75

                                                                                                      SHA1

                                                                                                      abafa112b45a50e9e6efabc5c0e34d7bf9997392

                                                                                                      SHA256

                                                                                                      228e402fa2f74d063b7888a997058a1e82b845601ceba2f789b33f3ec932293a

                                                                                                      SHA512

                                                                                                      6374357bd3b641130242b86cbeb09a182def0182a069076e1b1d64e7a10d6de2d869e2168a1694d668d9a054c78931719236398e434db14f751636c06f854121

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      e0794b99b0d1ca081a2f0f90069b6079

                                                                                                      SHA1

                                                                                                      66ecba8a957838424c7fdfbf81d9476fb16803b3

                                                                                                      SHA256

                                                                                                      c07dde42188b604ba799946ab59fe0ade092c0bf468774487dd251554eb1b6bf

                                                                                                      SHA512

                                                                                                      1d53ee4a6c51b03e8894f442413355438022ca3d4acc9fd6f4aa6da527cfc06fb1abb4e864d9cb56519cd06e33375de699992a990d217d74630366dca5aa7a72

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Preferences~RFe585e77.TMP
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      6a7765ea27e42416fad18b64b5fc84c4

                                                                                                      SHA1

                                                                                                      a7adb1f2e73982ec72f8108b84edbb5a7f85ca6e

                                                                                                      SHA256

                                                                                                      401ece0ac359a41a1404d46ebcd08c28cc5533c17c4b93b2b9ae4efb5d0000d7

                                                                                                      SHA512

                                                                                                      141ed2588c0e53872d446142045fe86cdac79231026e8b9f44a9fdc10253e91dea2f7405a932f79d0ff865cec7a0169814aab8e49a180f2a537e8044b0217b72

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Default\Sync Data\LevelDB\CURRENT
                                                                                                      Filesize

                                                                                                      16B

                                                                                                      MD5

                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                      SHA1

                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                      SHA256

                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                      SHA512

                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      2bf3ebbc77ad89119a9ba89e6d98297d

                                                                                                      SHA1

                                                                                                      73fcb680e18689ef788c6cb610aad90475ccb9d2

                                                                                                      SHA256

                                                                                                      c275095d4c58d0ce8966c111ce642949cb15c37ca31be7612e6df16c1fc8eabf

                                                                                                      SHA512

                                                                                                      1a6691400ba2bd630ad80330639f3196abdcf5a8eaabb2df0ea2ea10f6890176bb3814c8f35bd17579481c5eab65bdc055529d94694ae075aaef4794f190c6bc

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      184789380f89a4467f8b4b21fe2503df

                                                                                                      SHA1

                                                                                                      048dd125e97e258d86e45f28aab9abd068251941

                                                                                                      SHA256

                                                                                                      1f4e5eca9e9d343ddb6ca50a4638d467f365621b35ea3ab4eb54f59bdfa1cc89

                                                                                                      SHA512

                                                                                                      b72fc4088ed1901493c2171dddeb549d1a1ba76d4c638b52617b7e1f9e8cfe895f6a539cdcca1228fba616bfd4e3dd6a32c4caa8f3bcdfb1e61d7dc45f5975df

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      f1761c38e1312d8e83b9bad60b04d92d

                                                                                                      SHA1

                                                                                                      c31da62c55b92d89c40e33672dd3ce6959dad9aa

                                                                                                      SHA256

                                                                                                      5a83d1bae5eb9a35df7f8bff5ea1e6fe84dc8e7575cd874de1b40268be42c19a

                                                                                                      SHA512

                                                                                                      cca75d615ecbd2c2540d1abdcae974249c937e157dba11b839370d29275d2fa942bee89e8b2ce73c6dad69843040138982697be2fc068505bbf6a969085bc0e3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
                                                                                                      Filesize

                                                                                                      16KB

                                                                                                      MD5

                                                                                                      c07dab936646d5be1e0415092f396602

                                                                                                      SHA1

                                                                                                      e1e054ff3811f2476ca540f9636e3815461cbc4d

                                                                                                      SHA256

                                                                                                      a76ad67b3ce62dbcd38aacfc2bbf6c0a12f5fb27e5aefa60c3980e6ddbb91f5a

                                                                                                      SHA512

                                                                                                      fa996f47f530f5db63126bd13de2277ca91b45c50dcc0376ae743cd64098ab9b30448e5f136f97dd8897b7d313b20abed6918582e78ee262a04f657bce60da50

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State
                                                                                                      Filesize

                                                                                                      18KB

                                                                                                      MD5

                                                                                                      6e8434f873c9195808ffde23a365a6ac

                                                                                                      SHA1

                                                                                                      20f085ae99aa4313e704f43f8ba9a0fac1b5b063

                                                                                                      SHA256

                                                                                                      9d16ccd3cfb5bb49d4d65d60fb81fdee625184c94b59b0f00862baafe3df0bc1

                                                                                                      SHA512

                                                                                                      0008caa4891aa6733d07701954c2ae9120b08c7cd976091aa59da9bb75448ef39059bc495848ef69ff077d3830fa501c63af5ffb822c2cfe7034c82e3c3a3a8f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\com.bloxshade.tauri\EBWebView\Local State~RFe57bf87.TMP
                                                                                                      Filesize

                                                                                                      1KB

                                                                                                      MD5

                                                                                                      bb6c172c032a213f97f7e18a2f83f7a7

                                                                                                      SHA1

                                                                                                      45f513e3772136fd3178e622ddc7fa0f02237e89

                                                                                                      SHA256

                                                                                                      0487afb161015644fd0297fa79d512b90c36094ef3a152612f12d5f0899733cd

                                                                                                      SHA512

                                                                                                      9e95e495bbe3834352269bd5ce7aac7823bfdbaae2a05d4d4c9e7e861cdf4280b2a1d94cc973adce57fa97b98a71e94dac5738e1e0e003f1a59d4eda0a79d218

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\!Please Read Me!.txt
                                                                                                      Filesize

                                                                                                      797B

                                                                                                      MD5

                                                                                                      afa18cf4aa2660392111763fb93a8c3d

                                                                                                      SHA1

                                                                                                      c219a3654a5f41ce535a09f2a188a464c3f5baf5

                                                                                                      SHA256

                                                                                                      227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

                                                                                                      SHA512

                                                                                                      4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Blaster.A.exe
                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      5ae700c1dffb00cef492844a4db6cd69

                                                                                                      SHA1

                                                                                                      bed8e439f28a1a0d3876366cbd76a43cdccf60fa

                                                                                                      SHA256

                                                                                                      258f82166d20c68497a66d82349fc81899fde8fe8c1cc66e59f739a9ea2c95a9

                                                                                                      SHA512

                                                                                                      2cc1ec68df94edc561dd08c4e3e498f925907955b6e54a877b8bc1fb0dd48a6276f41e44756ed286404f6a54f55edb03f8765b21e88a32fd4ca1eb0c6b422980

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 291106.crdownload
                                                                                                      Filesize

                                                                                                      96KB

                                                                                                      MD5

                                                                                                      60335edf459643a87168da8ed74c2b60

                                                                                                      SHA1

                                                                                                      61f3e01174a6557f9c0bfc89ae682d37a7e91e2e

                                                                                                      SHA256

                                                                                                      7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

                                                                                                      SHA512

                                                                                                      b4e5e4d4f0b4a52243d6756c66b4fe6f4b39e64df7790072046e8a3dadad3a1be30b8689a1bab8257cc35cb4df652888ddf62b4e1fccb33e1bbf1f5416d73efb

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 317972.crdownload
                                                                                                      Filesize

                                                                                                      291KB

                                                                                                      MD5

                                                                                                      e6b43b1028b6000009253344632e69c4

                                                                                                      SHA1

                                                                                                      e536b70e3ffe309f7ae59918da471d7bf4cadd1c

                                                                                                      SHA256

                                                                                                      bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a

                                                                                                      SHA512

                                                                                                      07da214314673407a7d3978ee6e1d20bf1e02f135bf557e86b50489ecc146014f2534515c1b613dba96e65489d8c82caaa8ed2e647684d61e5e86bd3e8251adf

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 600051.crdownload
                                                                                                      Filesize

                                                                                                      224KB

                                                                                                      MD5

                                                                                                      5c7fb0927db37372da25f270708103a2

                                                                                                      SHA1

                                                                                                      120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                                                      SHA256

                                                                                                      be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                                                      SHA512

                                                                                                      a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 810950.crdownload
                                                                                                      Filesize

                                                                                                      313KB

                                                                                                      MD5

                                                                                                      fe1bc60a95b2c2d77cd5d232296a7fa4

                                                                                                      SHA1

                                                                                                      c07dfdea8da2da5bad036e7c2f5d37582e1cf684

                                                                                                      SHA256

                                                                                                      b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d

                                                                                                      SHA512

                                                                                                      266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 913713.crdownload
                                                                                                      Filesize

                                                                                                      104KB

                                                                                                      MD5

                                                                                                      fa3348956253f9f733b28b4cf1d45942

                                                                                                      SHA1

                                                                                                      7185d2d017370978c757956be1bfaa4c787867b8

                                                                                                      SHA256

                                                                                                      00808f00ec970e3ed518ed40ba77f64be2b9761b02fbaea2047c5ac82d8b8f99

                                                                                                      SHA512

                                                                                                      7805fd530dbc37f72c39f729982a16cb03314ad1b1e115fd16e1679c54d90a3cbc2f2404fcb0f6d0196a919395d1842fd75fae8c0b97d2af06a94c57f3251add

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 950598.crdownload
                                                                                                      Filesize

                                                                                                      181KB

                                                                                                      MD5

                                                                                                      0826df3aaa157edff9c0325f298850c2

                                                                                                      SHA1

                                                                                                      ed35b02fa029f1e724ed65c2de5de6e5c04f7042

                                                                                                      SHA256

                                                                                                      2e4319ff62c03a539b2b2f71768a0cfc0adcaedbcca69dbf235081fe2816248b

                                                                                                      SHA512

                                                                                                      af6c5734fd02b9ad3f202e95f9ff4368cf0dfdaffe0d9a88b781b196a0a3c44eef3d8f7c329ec6e3cbcd3e6ab7c49df7d715489539e631506ca1ae476007a6a6

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 950598.crdownload:SmartScreen
                                                                                                      Filesize

                                                                                                      7B

                                                                                                      MD5

                                                                                                      4047530ecbc0170039e76fe1657bdb01

                                                                                                      SHA1

                                                                                                      32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                      SHA256

                                                                                                      82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                      SHA512

                                                                                                      8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Downloads\u.wry
                                                                                                      Filesize

                                                                                                      236KB

                                                                                                      MD5

                                                                                                      cf1416074cd7791ab80a18f9e7e219d9

                                                                                                      SHA1

                                                                                                      276d2ec82c518d887a8a3608e51c56fa28716ded

                                                                                                      SHA256

                                                                                                      78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

                                                                                                      SHA512

                                                                                                      0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\Favorites\JGETVTS-MANUAL.txt.RENSENWARE
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      ed0afeaf0355d6a1e04fdfba77bbddad

                                                                                                      SHA1

                                                                                                      eae54e687010c4c95a6b06ad740f62371d097d7d

                                                                                                      SHA256

                                                                                                      5736f13364886f1f66c7e91ed30c8aced1e9e4ea3aaa38088a89ec1e9833bbe9

                                                                                                      SHA512

                                                                                                      57b49b73a1bb4b0596d4285e9fe1b1fc2818ea0eb7883585a59f280b3bda053bf79d442438ed16960a121037812148d8289d8fcb7c78b57e5b3434f5298c24ff

                                                                                                      Download Submit

                                                                                                    • C:\Users\Public\Desktop\!WannaDecryptor!.exe.lnk
                                                                                                      Filesize

                                                                                                      590B

                                                                                                      MD5

                                                                                                      a61a8cafdcf975a108ab2bd5f39f6502

                                                                                                      SHA1

                                                                                                      8972f2b6d527660d498f1c1dbf6eb1be44733f4f

                                                                                                      SHA256

                                                                                                      7c0ec300b8e7e7ff2965087b174f89d7a1de66d26429b500d79c78fe88c9264f

                                                                                                      SHA512

                                                                                                      15a831f04823d909afcc4a7daac9c962d8d851c7f51dc7dd87718bddf50ebaedb8d40034e08cd2517d2c7a6917f10decdf723fd33dc97275f3f6e199ae422f69

                                                                                                      Download Submit

                                                                                                    • F:\$RECYCLE.BIN\S-1-5-21-189444705-1272902858-1305688695-1000\JGETVTS-MANUAL.txt
                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      0e59b15ea23d689cef96d0b5fd1252e2

                                                                                                      SHA1

                                                                                                      98f3f46770a7aed7f5ae2e2a642855f9733b4c43

                                                                                                      SHA256

                                                                                                      88415fbf7d314a0bf000aa096c8e28f33b486b0d83d8dd5bf0f721c084c9aa95

                                                                                                      SHA512

                                                                                                      bef8eb707daaaf34e620e42efd40acf17cef9313caf1b6c909ae94c38da4dc2a7cc8fe647db5089a4cb0a70a8cacb470b6cfc51026ef3f73ee7e29fdedabd734

                                                                                                      Download Submit

                                                                                                    • memory/1604-979-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                      Filesize

                                                                                                      36KB

                                                                                                      Download

                                                                                                    • memory/1604-1008-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                      Filesize

                                                                                                      36KB

                                                                                                      Download

                                                                                                    • memory/1792-54-0x00007FF95EE20000-0x00007FF95EE21000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1792-53-0x00007FF95EE10000-0x00007FF95EE11000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2168-3025-0x000000001C750000-0x000000001C7EC000-memory.dmp

                                                                                                      Filesize

                                                                                                      624KB

                                                                                                      Download

                                                                                                    • memory/2168-3024-0x000000001C1E0000-0x000000001C6AE000-memory.dmp

                                                                                                      Filesize

                                                                                                      4.8MB

                                                                                                      Download

                                                                                                    • memory/2892-901-0x0000000000400000-0x000000000041A400-memory.dmp

                                                                                                      Filesize

                                                                                                      105KB

                                                                                                      Download

                                                                                                    • memory/2892-899-0x0000000000400000-0x000000000041A400-memory.dmp

                                                                                                      Filesize

                                                                                                      105KB

                                                                                                      Download

                                                                                                    • memory/4000-200-0x00000190BB200000-0x00000190BB32A000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.2MB

                                                                                                      Download

                                                                                                    • memory/4000-144-0x00007FF95F8F0000-0x00007FF95F8F1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4380-215-0x000001EBC18E0000-0x000001EBC1A0A000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.2MB

                                                                                                      Download

                                                                                                    • memory/4380-307-0x000001EBC18E0000-0x000001EBC1A0A000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.2MB

                                                                                                      Download

                                                                                                    • memory/4380-199-0x000001EBC18E0000-0x000001EBC1A0A000-memory.dmp

                                                                                                      Filesize

                                                                                                      1.2MB

                                                                                                      Download

                                                                                                    • memory/4380-31-0x00007FF95F8F0000-0x00007FF95F8F1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-291-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-298-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-295-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-289-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-296-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-301-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-299-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-300-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-290-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4956-297-0x0000021C27ED0000-0x0000021C27ED1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download