Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

RNSM00269.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    243s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2025, 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00269.7z

  • Size

    7.5MB

  • MD5

    0c0f6046592a1d447586c0898c572f3b

  • SHA1

    e818cecc31794640e06d6ec86795d7765e481c7b

  • SHA256

    0675087b8e5b5712b65568224783e6b7f27a26b44dc2361ca3b1e6cd2a5cc338

  • SHA512

    19784b266ed7cbde7e3a3121c3d37fd6b667b1218a36b671c3ca87f7121a51d95d10f7d7e7237d8ec3b85f592dd32109b4e09be40ae711a0e311f685c5b69336

  • SSDEEP

    196608:RL6nz7HFqicmfW9dyVnlIKYHx3TzTucytZeiSAdc9or:Envlz+9Qp5YTzTbS2Ec9or

Score
10/10
cerberdefense_evasiondiscoverypersistenceransomwarespywarestealertrojanupx

Malware Config

Extracted

Path

C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.txt

Family

cerber

Ransom Note
C E R B E R R A N S O M W A R E ######################################################################### Cannot you find the files you need? Is the content of the files that you looked for not readable? It is normal because the files' names, as well as the data in your files have been encrypted. Great! You have turned to be a part of a big community "#Cerber Ransomware". ######################################################################### !!! If you are reading this message it means the software "Cerber" has !!! been removed from your computer. !!! HTML instruction ("# DECRYPT MY FILES #.html") always contains a !!! working domain of your personal page! ######################################################################### What is encryption? ------------------- Encryption is a reversible modification of information for security reasons but providing full access to it for authorized users. To become an authorized user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an individual private key. But not only it. It is required also to have the special decryption software (in your case "Cerber Decryptor" software) for safe and complete decryption of all your files and data. ######################################################################### Everything is clear for me but what should I do? ------------------------------------------------ The first step is reading these instructions to the end. Your files have been encrypted with the "Cerber Ransomware" software; the instructions ("# DECRYPT MY FILES #.html" and "# DECRYPT MY FILES #.txt") in the folders with your encrypted files are not viruses, they will help you. After reading this text the most part of people start searching in the Internet the words the "Cerber Ransomware" where they find a lot of ideas, recommendations and instructions. It is necessary to realize that we are the ones who closed the lock on your files and we are the only ones who have this secret key to open them. !!! Any attempts to get back your files with the third-party tools can !!! be fatal for your encrypted files. The most part of the third-party software change data within the encrypted file to restore it but this causes damage to the files. Finally it will be impossible to decrypt your files. When you make a puzzle, but some items are lost, broken or not put in its place - the puzzle items will never match, the same way the third-party software will ruin your files completely and irreversibly. You should realize that any intervention of the third-party software to restore files encrypted with the "Cerber Ransomware" software may be fatal for your files. ######################################################################### !!! There are several plain steps to restore your files but if you do !!! not follow them we will not be able to help you, and we will not try !!! since you have read this warning already. ######################################################################### For your information the software to decrypt your files (as well as the private key provided together) are paid products. After purchase of the software package you will be able to: 1. decrypt all your files; 2. work with your documents; 3. view your photos and other media; 4. continue your usual and comfortable work at the computer. If you understand all importance of the situation then we propose to you to go directly to your personal page where you will receive the complete instructions and guarantees to restore your files. ######################################################################### There is a list of temporary addresses to go on your personal page below: _______________________________________________________________________ | | 1. http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C | | 2. http://52uo5k3t73ypjije.n41n1a.top/8577-F0C6-7F5A-006D-FF6C | | 3. http://52uo5k3t73ypjije.3odvfb.top/8577-F0C6-7F5A-006D-FF6C | | 4. http://52uo5k3t73ypjije.pap44w.top/8577-F0C6-7F5A-006D-FF6C | | 5. http://52uo5k3t73ypjije.onion.to/8577-F0C6-7F5A-006D-FF6C |_______________________________________________________________________ ######################################################################### What should you do with these addresses? ---------------------------------------- If you read the instructions in TXT format (if you have instruction in HTML (the file with an icon of your Internet browser) then the easiest way is to run it): 1. take a look at the first address (in this case it is http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C); 2. select it with the mouse cursor holding the left mouse button and moving the cursor to the right; 3. release the left mouse button and press the right one; 4. select "Copy" in the appeared menu; 5. run your Internet browser (if you do not know what it is run the Internet Explorer); 6. move the mouse cursor to the address bar of the browser (this is the place where the site address is written); 7. click the right mouse button in the field where the site address is written; 8. select the button "Insert" in the appeared menu; 9. then you will see the address http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C appeared there; 10. press ENTER; 11. the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address if falling. If for some reason the site cannot be opened check the connection to the Internet; if the site still cannot be opened take a look at the instructions on omitting the point about working with the addresses in the HTML instructions. If you browse the instructions in HTML format: 1. click the left mouse button on the first address (in this case it is http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C); 2. in a new tab or window of your web browser the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address. If for some reason the site cannot be opened check the connection to the Internet. ######################################################################### Unfortunately these sites are short-term since the antivirus companies are interested in you do not have a chance to restore your files but continue to buy their products. Unlike them we are ready to help you always. If you need our help but the temporary sites are not available: 1. run your Internet browser (if you do not know what it is run the Internet Explorer); 2. enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER; 3. wait for the site loading; 4. on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed; 5. run Tor Browser; 6. connect with the button "Connect" (if you use the English version); 7. a normal Internet browser window will be opened after the initialization; 8. type or copy the address ________________________________________________________ | | | http://52uo5k3t73ypjije.onion/8577-F0C6-7F5A-006D-FF6C | |________________________________________________________| in this browser address bar; 9. press ENTER; 10. the site should be loaded; if for some reason the site is not loading wait for a moment and try again. If you have any problems during installation or operation of Tor Browser, please, visit https://www.youtube.com/ and type request in the search bar "install tor browser windows" and you will find a lot of training videos about Tor Browser installation and operation. If TOR address is not available for a long period (2-3 days) it means you are late; usually you have about 2-3 weeks after reading the instructions to restore your files. ######################################################################### Additional information: You will find the instructions for restoring your files in those folders where you have your encrypted files only. The instructions are made in two file formats - HTML and TXT for your convenience. Unfortunately antivirus companies cannot protect or restore your files but they can make the situation worse removing the instructions how to restore your encrypted files. The instructions are not viruses; they have informative nature only, so any claims on the absence of any instruction files you can send to your antivirus company. ######################################################################### Cerber Ransomware Project is not malicious and is not intended to harm a person and his/her information data. The project is created for the sole purpose of instruction regarding information security, as well as certification of antivirus software for their suitability for data protection. Together we make the Internet a better and safer place. ######################################################################### If you look through this text in the Internet and realize that something is wrong with your files but you do not have any instructions to restore your files, please, contact your antivirus support. ######################################################################### Remember that the worst situation already happened and now it depends on your determination and speed of your actions the further life of your files.
URLs

http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C

http://52uo5k3t73ypjije.n41n1a.top/8577-F0C6-7F5A-006D-FF6C

http://52uo5k3t73ypjije.3odvfb.top/8577-F0C6-7F5A-006D-FF6C

http://52uo5k3t73ypjije.pap44w.top/8577-F0C6-7F5A-006D-FF6C

http://52uo5k3t73ypjije.onion.to/8577-F0C6-7F5A-006D-FF6C

http://52uo5k3t73ypjije.onion/8577-F0C6-7F5A-006D-FF6C

Extracted

Path

C:\Users\Admin\Downloads\# DECRYPT MY FILES #.html

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>&#067;erber &#082;ansomware</title> <style> a { color: #47c; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #333; font-family: "Helvetica Neue", Helvetica, "Segoe UI", Arial, freesans, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; line-height: 1.6; margin: 0; padding: 0; } hr { background-color: #e7e7e7; border: 0 none; border-bottom: 1px solid #c7c7c7; height: 5px; margin: 30px 0; } li { padding: 0 0 7px 7px; } ol { padding-left: 3em; } .container { background-color: #fff; border: 1px solid #c7c7c7; margin: 40px; padding: 40px 40px 20px 40px; } .info, .tor { background-color: #efe; border: 1px solid #bda; display: block; padding: 0px 20px; } .logo { font-size: 12px; font-weight: bold; line-height: 1; margin: 0; } .upd_on { color: red; display: block; } .upd_off { display: none; float: left; } .tor { padding: 10px 0; text-align: center; } .url { margin-right: 5px; } .warning { background-color: #f5e7e7; border: 1px solid #ebccd1; color: #a44; display: block; padding: 15px 10px; text-align: center; } </style> </head> <body> <div class="container"> <h3>C E R B E R&nbsp;&nbsp;&nbsp;R A N S O M W A R E</h3> <hr> <p>Cannot you find the files you need?<br>Is the content of the files that you looked for not readable?</p> <p>It is normal because the files' names, as well as the data in your files have been encrypted.</p> <p>Great!<br>You have turned to be a part of a big community "#Cerber Ransomware".</p> <hr> <p><span class="warning">If you are reading this message it means the software "Cerber" has been removed from your computer.</span></p> <hr> <h3>What is encryption?</h3> <p>Encryption is a reversible modification of information for security reasons but providing full access to it for authorized users.</p> <p>To become an authorized user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an individual private key.</p> <p>But not only it.</p> <p>It is required also to have the special decryption software (in your case "Cerber Decryptor" software) for safe and complete decryption of all your files and data.</p> <hr> <h3>Everything is clear for me but what should I do?</h3> <p>The first step is reading these instructions to the end.</p> <p>Your files have been encrypted with the "Cerber Ransomware" software; the instructions ("# DECRYPT MY FILES #.html" and "# DECRYPT MY FILES #.txt") in the folders with your encrypted files are not viruses, they will help you.</p> <p>After reading this text the most part of people start searching in the Internet the words the "Cerber Ransomware" where they find a lot of ideas, recommendations and instructions.</p> <p>It is necessary to realize that we are the ones who closed the lock on your files and we are the only ones who have this secret key to open them.</p> <p><span class="warning">Any attempts to get back your files with the third-party tools can be fatal for your encrypted files.</span></p> <p>The most part of the third-party software change data within the encrypted file to restore it but this causes damage to the files.</p> <p>Finally it will be impossible to decrypt your files.</p> <p>When you make a puzzle, but some items are lost, broken or not put in its place - the puzzle items will never match, the same way the third-party software will ruin your files completely and irreversibly.</p> <p>You should realize that any intervention of the third-party software to restore files encrypted with the "Cerber Ransomware" software may be fatal for your files.</p> <hr> <p><span class="warning">There are several plain steps to restore your files but if you do not follow them we will not be able to help you, and we will not try since you have read this warning already.</span></p> <hr> <p>For your information the software to decrypt your files (as well as the private key provided together) are paid products.</p> <p>After purchase of the software package you will be able to:</p> <ol> <li>decrypt all your files;</li> <li>work with your documents;</li> <li>view your photos and other media;</li> <li>continue your usual and comfortable work at the computer.</li> </ol> <p>If you understand all importance of the situation then we propose to you to go directly to your personal page where you will receive the complete instructions and guarantees to restore your files.</p> <hr> <div class="info"> <p>There is a list of temporary addresses to go on your personal page below:</p> <ol> <li><span class="upd_off" id="upd_1">Please wait...</span><a class="url" href="http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C" id="url_1" target="_blank">http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C</a>(<a href="#updateUrl" onClick="return updateUrl();" style="color: red;">Get a NEW address!</a>)</li> <li><a href="http://52uo5k3t73ypjije.n41n1a.top/8577-F0C6-7F5A-006D-FF6C" target="_blank">http://52uo5k3t73ypjije.n41n1a.top/8577-F0C6-7F5A-006D-FF6C</a></li> <li><a href="http://52uo5k3t73ypjije.3odvfb.top/8577-F0C6-7F5A-006D-FF6C" target="_blank">http://52uo5k3t73ypjije.3odvfb.top/8577-F0C6-7F5A-006D-FF6C</a></li> <li><a href="http://52uo5k3t73ypjije.pap44w.top/8577-F0C6-7F5A-006D-FF6C" target="_blank">http://52uo5k3t73ypjije.pap44w.top/8577-F0C6-7F5A-006D-FF6C</a></li> <li><a href="http://52uo5k3t73ypjije.onion.to/8577-F0C6-7F5A-006D-FF6C" target="_blank">http://52uo5k3t73ypjije.onion.to/8577-F0C6-7F5A-006D-FF6C</a></li> </ol> </div> <hr> <h3>What should you do with these addresses?</h3> <p>If you read the instructions in TXT format (if you have instruction in HTML (the file with an icon of your Internet browser) then the easiest way is to run it):</p> <ol> <li>take a look at the first address (in this case it is <span class="upd_off" id="upd_2">Please wait...</span><a class="url" href="http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C" id="url_2" target="_blank">http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C</a>);</li> <li>select it with the mouse cursor holding the left mouse button and moving the cursor to the right;</li> <li>release the left mouse button and press the right one;</li> <li>select "Copy" in the appeared menu;</li> <li>run your Internet browser (if you do not know what it is run the Internet Explorer);</li> <li>move the mouse cursor to the address bar of the browser (this is the place where the site address is written);</li> <li>click the right mouse button in the field where the site address is written;</li> <li>select the button "Insert" in the appeared menu;</li> <li>then you will see the address <span class="upd_off" id="upd_3">Please wait...</span><a class="url" href="http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C" id="url_3" target="_blank">http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C</a> appeared there;</li> <li>press ENTER;</li> <li>the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address if falling.</li> </ol> <p>If for some reason the site cannot be opened check the connection to the Internet; if the site still cannot be opened take a look at the instructions on omitting the point about working with the addresses in the HTML instructions.</p> <p>If you browse the instructions in HTML format:</p> <ol> <li>click the left mouse button on the first address (in this case it is <span class="upd_off" id="upd_4">Please wait...</span><a class="url" href="http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C" id="url_4" target="_blank">http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C</a>);</li> <li>in a new tab or window of your web browser the site should be loaded; if it is not loaded repeat the same instructions with the second address and continue until the last address.</li> </ol> <p>If for some reason the site cannot be opened check the connection to the Internet.</p> <hr> <p>Unfortunately these sites are short-term since the antivirus companies are interested in you do not have a chance to restore your files but continue to buy their products.</p> <p>Unlike them we are ready to help you always.</p> <p>If you need our help but the temporary sites are not available:</p> <ol> <li>run your Internet browser (if you do not know what it is run the Internet Explorer);</li> <li>enter or copy the address <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> into the address bar of your browser and press ENTER;</li> <li>wait for the site loading;</li> <li>on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li> <li>run Tor Browser;</li> <li>connect with the button "Connect" (if you use the English version);</li> <li>a normal Internet browser window will be opened after the initialization;</li> <li>type or copy the address <span class="tor">http://52uo5k3t73ypjije.onion/8577-F0C6-7F5A-006D-FF6C</span> in this browser address bar;</li> <li>press ENTER;</li> <li>the site should be loaded; if for some reason the site is not loading wait for a moment and try again.</li> </ol> <p>If you have any problems during installation or operation of Tor Browser, please, visit <a href="https://www.youtube.com/results?search_query=install+tor+browser+windows" target="_blank">https://www.youtube.com/</a> and type request in the search bar "install tor browser windows" and you will find a lot of training videos about Tor Browser installation and operation.</p> <p>If TOR address is not available for a long period (2-3 days) it means you are late; usually you have about 2-3 weeks after reading the instructions to restore your files.</p> <hr> <h3>Additional information:</h3> <p>You will find the instructions for restoring your files in those folders where you have your encrypted files only.</p> <p>The instructions are made in two file formats - HTML and TXT for your convenience.</p> <p>Unfortunately antivirus companies cannot protect or restore your files but they can make the situation worse removing the instructions how to restore your encrypted files.</p> <p>The instructions are not viruses; they have informative nature only, so any claims on the absence of any instruction files you can send to your antivirus company.</p> <hr> <p>Cerber Ransomware Project is not malicious and is not intended to harm a person and his/her information data.</p> <p>The project is created for the sole purpose of instruction regarding information security, as well as certification of antivirus software for their suitability for data protection.</p> <p>Together we make the Internet a better and safer place.</p> <hr> <p>If you look through this text in the Internet and realize that something is wrong with your files but you do not have any instructions to restore your files, please, contact your antivirus support.</p> <hr> <p>Remember that the worst situation already happened and now it depends on your determination and speed of your actions the further life of your files.</p> </div> <script> function getXMLHttpRequest() { if (window.XMLHttpRequest) { return new window.XMLHttpRequest; } else { try { return new ActiveXObject("MSXML2.XMLHTTP.3.0"); } catch(error) { return null; } } } function getUrlContent(url, callback) { var xhttp = getXMLHttpRequest(); if (xhttp) { xhttp.onreadystatechange = function() { if (xhttp.readyState == 4) { if (xhttp.status == 200) { return callback(xhttp.responseText.replace(/[\s ]+/gm, ""), null); } else { return callback(null, true); } } }; xhttp.open("GET", url + '?_=' + new Date().getTime(), true); xhttp.send(); } else { return callback(null, true); } } function server1(address, callback) { getUrlContent("http://btc.blockr.io/api/v1/address/txs/" + address, function(result, error) { if (!error) { var tx = /"tx":"([\w]+)","time_utc":"[\w-:]+","confirmations":[\d]+,"amount":-/.exec(result); if (tx) { getUrlContent("http://btc.blockr.io/api/v1/tx/info/" + tx[1], function(result, error) { if (!error) { var address = /"vouts":\[{"address":"([\w]+)"/.exec(result); if (address) { return callback(address[1], null); } else { return callback(null, true); } } else { return callback(null, true); } }); } else { return callback(null, true); } } else { return callback(null, true); } }); } function server2(address, callback) { getUrlContent("http://api.blockcypher.com/v1/btc/main/addrs/" + address, function(result, error) { if (!error) { var tx = /"tx_hash":"([\w]+)","block_height":[\d]+,"tx_input_n":[\d-]+,"tx_output_n":-/.exec(result); if (tx) { getUrlContent("http://api.blockcypher.com/v1/btc/main/txs/" + tx[1], function(result, error) { if (!error) { var address = /"outputs":\[{"value":[\d]+,"script":"[\w]+","spent_by":"[\w]+","addresses":\["([\w]+)"/.exec(result); if (address) { return callback(address[1], null); } else { return callback(null, true); } } else { return callback(null, true); } }); } else { return callback(null, true); } } else { return callback(null, true);

Signatures

  • Cerber 3 IoCs

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    ransomwarecerber
  • Cerber family
    cerber
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Contacts a large (557) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 26 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 5 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 1 IoCs
    discovery
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 17 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 30 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 10 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Kills process with taskkill 8 IoCs
    defense_evasion
  • Modifies Control Panel 4 IoCs
    defense_evasion
  • Modifies registry class 9 IoCs
  • NTFS ADS 2 IoCs
  • Runs ping.exe 1 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00269.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4848
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Users\Admin\Desktop\00269\HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe
      HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe
      2⤵
      • Cerber
      • Adds policy Run key to start application
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Suspicious use of AdjustPrivilegeToken
      PID:1388
      • C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
        "C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe"
        3⤵
        • Cerber
        • Adds policy Run key to start application
        • Checks computer location settings
        • Drops startup file
        • Executes dropped EXE
        • Adds Run key to start application
        • Sets desktop wallpaper using registry
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Control Panel
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:4960
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html
          4⤵
            PID:6588
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa038946f8,0x7ffa03894708,0x7ffa03894718
              5⤵
                PID:6604
            • C:\Windows\system32\NOTEPAD.EXE
              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt
              4⤵
                PID:6620
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://52uo5k3t73ypjije.fr2vai.top/8577-F0C6-7F5A-006D-FF6C?auto
                4⤵
                  PID:6816
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa038946f8,0x7ffa03894708,0x7ffa03894718
                    5⤵
                      PID:6832
                  • C:\Windows\System32\WScript.exe
                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"
                    4⤵
                      PID:6852
                    • C:\Windows\system32\cmd.exe
                      /d /c taskkill /t /f /im "cmdkey.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe" > NUL
                      4⤵
                      • System Network Configuration Discovery: Internet Connection Discovery
                      PID:2012
                      • C:\Windows\system32\taskkill.exe
                        taskkill /t /f /im "cmdkey.exe"
                        5⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4392
                      • C:\Windows\system32\PING.EXE
                        ping -n 1 127.0.0.1
                        5⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        • Runs ping.exe
                        PID:5092
                  • C:\Windows\SysWOW64\cmd.exe
                    /d /c taskkill /t /f /im "HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\Desktop\00269\HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe" > NUL
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • System Network Configuration Discovery: Internet Connection Discovery
                    PID:2692
                    • C:\Windows\SysWOW64\taskkill.exe
                      taskkill /t /f /im "HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe"
                      4⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4064
                    • C:\Windows\SysWOW64\PING.EXE
                      ping -n 1 127.0.0.1
                      4⤵
                      • System Location Discovery: System Language Discovery
                      • System Network Configuration Discovery: Internet Connection Discovery
                      • Runs ping.exe
                      PID:4028
                • C:\Users\Admin\Desktop\00269\Trojan-Ransom.MSIL.Agent.ghg-27182f0ac7425531461affe696f276a11dd5562e2fad18905831e94f5b0ae6a3.exe
                  Trojan-Ransom.MSIL.Agent.ghg-27182f0ac7425531461affe696f276a11dd5562e2fad18905831e94f5b0ae6a3.exe
                  2⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4652
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c taskkill /F /IM explorer.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:2808
                    • C:\Windows\SysWOW64\taskkill.exe
                      taskkill /F /IM explorer.exe
                      4⤵
                      • Cerber
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3996
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/en-in/
                    3⤵
                    • Enumerates system info in registry
                    • NTFS ADS
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of WriteProcessMemory
                    PID:2092
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa038946f8,0x7ffa03894708,0x7ffa03894718
                      4⤵
                        PID:2400
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
                        4⤵
                          PID:2588
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
                          4⤵
                            PID:4420
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
                            4⤵
                              PID:4824
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                              4⤵
                                PID:4996
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
                                4⤵
                                  PID:2976
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                                  4⤵
                                    PID:4104
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                                    4⤵
                                      PID:4460
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
                                      4⤵
                                        PID:4100
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
                                        4⤵
                                          PID:4628
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                          4⤵
                                            PID:4508
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                                            4⤵
                                              PID:2076
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                              4⤵
                                                PID:1928
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                                4⤵
                                                  PID:4140
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                                                  4⤵
                                                    PID:1516
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                                                    4⤵
                                                      PID:4928
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                                                      4⤵
                                                        PID:4100
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                                                        4⤵
                                                          PID:2056
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                                          4⤵
                                                            PID:2668
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                                            4⤵
                                                              PID:3704
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                                                              4⤵
                                                                PID:2404
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6084 /prefetch:8
                                                                4⤵
                                                                  PID:4992
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                                                  4⤵
                                                                    PID:4140
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 /prefetch:8
                                                                    4⤵
                                                                      PID:3092
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
                                                                      4⤵
                                                                        PID:4276
                                                                      • C:\Users\Admin\Downloads\taskmgr.exe
                                                                        "C:\Users\Admin\Downloads\taskmgr.exe"
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:5076
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                                                        4⤵
                                                                          PID:1040
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
                                                                          4⤵
                                                                            PID:3668
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5064 /prefetch:8
                                                                            4⤵
                                                                              PID:3924
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
                                                                              4⤵
                                                                                PID:2012
                                                                              • C:\Users\Admin\Downloads\cmd.exe
                                                                                "C:\Users\Admin\Downloads\cmd.exe"
                                                                                4⤵
                                                                                • Checks computer location settings
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:764
                                                                                • C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
                                                                                  "C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe"
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:2580
                                                                                • C:\Windows\system32\tasklist.exe
                                                                                  tasklist
                                                                                  5⤵
                                                                                  • Enumerates processes with tasklist
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:4556
                                                                                • C:\Windows\system32\taskkill.exe
                                                                                  taskkill /pid:4652
                                                                                  5⤵
                                                                                  • Kills process with taskkill
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:3404
                                                                                • C:\Users\Admin\Downloads\taskmgr.exe
                                                                                  taskmgr
                                                                                  5⤵
                                                                                  • Checks computer location settings
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:2348
                                                                                • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jhsj-ef5b7665ea1dcc16816547e032d82132832403e6daac70cc5768f26e99ac174f.exe
                                                                                  Trojan-Ransom.Win32.Blocker.jhsj-ef5b7665ea1dcc16816547e032d82132832403e6daac70cc5768f26e99ac174f.exe
                                                                                  5⤵
                                                                                  • Checks computer location settings
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:6260
                                                                                  • C:\ProgramData\svhost.exe
                                                                                    "C:\ProgramData\svhost.exe"
                                                                                    6⤵
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:6820
                                                                                • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jkzx-d124c89b0a5a9b1f56f9176c2c412aa1ed2dda64566df4f499105705ea75da4e.exe
                                                                                  Trojan-Ransom.Win32.Blocker.jkzx-d124c89b0a5a9b1f56f9176c2c412aa1ed2dda64566df4f499105705ea75da4e.exe
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:2304
                                                                                  • C:\Users\Admin\AppData\Roaming\Taskmgr.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\Taskmgr.exe"
                                                                                    6⤵
                                                                                      PID:6976
                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Taskmgr.exe" "Taskmgr.exe" ENABLE
                                                                                        7⤵
                                                                                        • Modifies Windows Firewall
                                                                                        PID:6160
                                                                                  • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jovc-a900b335b9ad0363630d9517d99d4f636b84a538f40acfd6dff9391702d30c9f.exe
                                                                                    Trojan-Ransom.Win32.Blocker.jovc-a900b335b9ad0363630d9517d99d4f636b84a538f40acfd6dff9391702d30c9f.exe
                                                                                    5⤵
                                                                                    • Modifies WinLogon for persistence
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:2836
                                                                                    • C:\Users\Admin\AppData\Roaming\kingoroott.exe
                                                                                      C:\Users\Admin\AppData\Roaming\kingoroott.exe
                                                                                      6⤵
                                                                                      • Checks BIOS information in registry
                                                                                      • Executes dropped EXE
                                                                                      • Checks whether UAC is enabled
                                                                                      • Drops file in Program Files directory
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Checks processor information in registry
                                                                                      • Enumerates system info in registry
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:5584
                                                                                    • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jovc-a900b335b9ad0363630d9517d99d4f636b84a538f40acfd6dff9391702d30c9f.exe
                                                                                      "C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jovc-a900b335b9ad0363630d9517d99d4f636b84a538f40acfd6dff9391702d30c9f.exe"
                                                                                      6⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:4196
                                                                                    • C:\Windows\explorer.exe
                                                                                      C:\Windows\explorer.exe
                                                                                      6⤵
                                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                                      • Enumerates connected drives
                                                                                      • Modifies registry class
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:4728
                                                                                  • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Foreign.hamq-686d991ce763e683ea6ee0f0202681364e8f55efb02c312a59e599b5abb547fd.exe
                                                                                    Trojan-Ransom.Win32.Foreign.hamq-686d991ce763e683ea6ee0f0202681364e8f55efb02c312a59e599b5abb547fd.exe
                                                                                    5⤵
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:3812
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 548
                                                                                      6⤵
                                                                                      • Program crash
                                                                                      PID:4080
                                                                                  • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Foreign.ngmm-dfef0ef6449c8dfde93a161cda3cc821cb9d6e83910197fd828189d94b27bd02.exe
                                                                                    Trojan-Ransom.Win32.Foreign.ngmm-dfef0ef6449c8dfde93a161cda3cc821cb9d6e83910197fd828189d94b27bd02.exe
                                                                                    5⤵
                                                                                    • Checks computer location settings
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:452
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\fud.bat" "
                                                                                      6⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:5244
                                                                                      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\tut.sfx.exe
                                                                                        tut.sfx.exe -p123 -dC:\Users\Admin\AppData\Local\Temp
                                                                                        7⤵
                                                                                          PID:1564
                                                                                          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\tut.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\tut.exe"
                                                                                            8⤵
                                                                                              PID:4208
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                C:\Windows\system32\cmd.exe /k HOSTNAME
                                                                                                9⤵
                                                                                                  PID:5176
                                                                                                  • C:\Windows\SysWOW64\HOSTNAME.EXE
                                                                                                    HOSTNAME
                                                                                                    10⤵
                                                                                                      PID:4556
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
                                                                                                    9⤵
                                                                                                      PID:4100
                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                        netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
                                                                                                        10⤵
                                                                                                        • Modifies Windows Firewall
                                                                                                        PID:4872
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /c taskkill /f /im chrome.exe
                                                                                                      9⤵
                                                                                                        PID:2504
                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                          taskkill /f /im chrome.exe
                                                                                                          10⤵
                                                                                                          • Kills process with taskkill
                                                                                                          PID:5560
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\log\pass.exe all
                                                                                                        9⤵
                                                                                                          PID:5420
                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /k systeminfo
                                                                                                          9⤵
                                                                                                            PID:6456
                                                                                                            • C:\Windows\SysWOW64\systeminfo.exe
                                                                                                              systeminfo
                                                                                                              10⤵
                                                                                                              • Gathers system information
                                                                                                              PID:3444
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            C:\Windows\system32\cmd.exe /k ipconfig
                                                                                                            9⤵
                                                                                                              PID:6336
                                                                                                              • C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                ipconfig
                                                                                                                10⤵
                                                                                                                • Gathers network information
                                                                                                                PID:6404
                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\log\securityscan.exe
                                                                                                              C:\Users\Admin\AppData\Roaming\Microsoft\log\securityscan.exe
                                                                                                              9⤵
                                                                                                                PID:2064
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /k HOSTNAME
                                                                                                                  10⤵
                                                                                                                    PID:3436
                                                                                                                    • C:\Windows\SysWOW64\HOSTNAME.EXE
                                                                                                                      HOSTNAME
                                                                                                                      11⤵
                                                                                                                        PID:5844
                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Foreign.nhhn-9b2699969896d0b301ab47e2f2f7f2051534ea526d862d75f4cda83b29408348.exe
                                                                                                            Trojan-Ransom.Win32.Foreign.nhhn-9b2699969896d0b301ab47e2f2f7f2051534ea526d862d75f4cda83b29408348.exe
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:4868
                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E382\71C1.bat" "C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR3C54~1.EXE""
                                                                                                              6⤵
                                                                                                                PID:1928
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  cmd /C ""C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR3C54~1.EXE""
                                                                                                                  7⤵
                                                                                                                    PID:5588
                                                                                                                    • C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe
                                                                                                                      "C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR3C54~1.EXE"
                                                                                                                      8⤵
                                                                                                                        PID:2220
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe
                                                                                                                          9⤵
                                                                                                                            PID:1508
                                                                                                                  • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Locky.cfh-530326ed9cafede731a478242b0f1f13f7263c1bec156adb2f3f26132667464d.exe
                                                                                                                    Trojan-Ransom.Win32.Locky.cfh-530326ed9cafede731a478242b0f1f13f7263c1bec156adb2f3f26132667464d.exe
                                                                                                                    5⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:5296
                                                                                                                    • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Locky.cfh-530326ed9cafede731a478242b0f1f13f7263c1bec156adb2f3f26132667464d.exe
                                                                                                                      "C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Locky.cfh-530326ed9cafede731a478242b0f1f13f7263c1bec156adb2f3f26132667464d.exe"
                                                                                                                      6⤵
                                                                                                                        PID:6752
                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\42D4\216A.bat" "C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR959A~1.EXE""
                                                                                                                          7⤵
                                                                                                                            PID:7124
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              cmd /C ""C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR959A~1.EXE""
                                                                                                                              8⤵
                                                                                                                                PID:6280
                                                                                                                                • C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe
                                                                                                                                  "C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe" "C:\Users\Admin\Desktop\00269\TR959A~1.EXE"
                                                                                                                                  9⤵
                                                                                                                                    PID:3376
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Locky.hy-ddb80a24da8bec08eeac77e0a7ea13e48805a302290555d4bcb5d86d9080b13c.exe
                                                                                                                            Trojan-Ransom.Win32.Locky.hy-ddb80a24da8bec08eeac77e0a7ea13e48805a302290555d4bcb5d86d9080b13c.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5432
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Purga.p-25aa2980ba724f212ca7292f968ded935760ba0a5b5562c3702e3572342089a3.exe
                                                                                                                            Trojan-Ransom.Win32.Purga.p-25aa2980ba724f212ca7292f968ded935760ba0a5b5562c3702e3572342089a3.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5448
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.dhg-b0697ec9eeec95dc0d07b0d339bcd2577e07ef27dce3d2ac62e55ab32b5a75ff.exe
                                                                                                                            Trojan-Ransom.Win32.Zerber.dhg-b0697ec9eeec95dc0d07b0d339bcd2577e07ef27dce3d2ac62e55ab32b5a75ff.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5460
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              /d /c taskkill /t /f /im "" > NUL & ping -n 1 127.0.0.1 > NUL & del "" > NUL
                                                                                                                              6⤵
                                                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                              PID:3044
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /t /f /im ""
                                                                                                                                7⤵
                                                                                                                                • Kills process with taskkill
                                                                                                                                PID:2004
                                                                                                                              • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                ping -n 1 127.0.0.1
                                                                                                                                7⤵
                                                                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                • Runs ping.exe
                                                                                                                                PID:3832
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.gre-9f39b703428343ea6f5b8f83307bc03f5914ac168aa86acd7214a85badc2ca40.exe
                                                                                                                            Trojan-Ransom.Win32.Zerber.gre-9f39b703428343ea6f5b8f83307bc03f5914ac168aa86acd7214a85badc2ca40.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5472
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              /d /c taskkill /t /f /im "" > NUL & ping -n 1 127.0.0.1 > NUL & del "" > NUL
                                                                                                                              6⤵
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                              PID:7116
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /t /f /im ""
                                                                                                                                7⤵
                                                                                                                                • Kills process with taskkill
                                                                                                                                PID:1184
                                                                                                                              • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                ping -n 1 127.0.0.1
                                                                                                                                7⤵
                                                                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                • Runs ping.exe
                                                                                                                                PID:6976
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.jnu-e5ba39b9b74ad9ac430c915c3fb3b93584f4ad16b03a10a2436b4ce9b66f1da5.exe
                                                                                                                            Trojan-Ransom.Win32.Zerber.jnu-e5ba39b9b74ad9ac430c915c3fb3b93584f4ad16b03a10a2436b4ce9b66f1da5.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5488
                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 292
                                                                                                                              6⤵
                                                                                                                              • Program crash
                                                                                                                              PID:4496
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.svc-085087c7776992c63052994a24afe8aaed428112d03f1a4e0f476e9889cd7a7a.exe
                                                                                                                            Trojan-Ransom.Win32.Zerber.svc-085087c7776992c63052994a24afe8aaed428112d03f1a4e0f476e9889cd7a7a.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:5516
                                                                                                                          • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.vu-f23b33e9204ea79c3dd5a54fa57f2b97709ba30a06fb01f869e1ab06919a0a9a.exe
                                                                                                                            Trojan-Ransom.Win32.Zerber.vu-f23b33e9204ea79c3dd5a54fa57f2b97709ba30a06fb01f869e1ab06919a0a9a.exe
                                                                                                                            5⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:5532
                                                                                                                            • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Zerber.vu-f23b33e9204ea79c3dd5a54fa57f2b97709ba30a06fb01f869e1ab06919a0a9a.exe
                                                                                                                              Trojan-Ransom.Win32.Zerber.vu-f23b33e9204ea79c3dd5a54fa57f2b97709ba30a06fb01f869e1ab06919a0a9a.exe
                                                                                                                              6⤵
                                                                                                                                PID:6720
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  /d /c taskkill /t /f /im "" > NUL & ping -n 1 127.0.0.1 > NUL & del "" > NUL
                                                                                                                                  7⤵
                                                                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                  PID:5560
                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                    taskkill /t /f /im ""
                                                                                                                                    8⤵
                                                                                                                                    • Kills process with taskkill
                                                                                                                                    PID:1068
                                                                                                                                  • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                    ping -n 1 127.0.0.1
                                                                                                                                    8⤵
                                                                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                                    • Runs ping.exe
                                                                                                                                    PID:4376
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                                                                                                                            4⤵
                                                                                                                              PID:6684
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                                                                                                                              4⤵
                                                                                                                                PID:6912
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                                                                                                                                4⤵
                                                                                                                                  PID:6952
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
                                                                                                                                  4⤵
                                                                                                                                    PID:1068
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                                                                                                                    4⤵
                                                                                                                                      PID:3484
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5820 /prefetch:2
                                                                                                                                      4⤵
                                                                                                                                        PID:5124
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                                                                                                                                        4⤵
                                                                                                                                          PID:5368
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,499886981819148577,18218399520563474810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
                                                                                                                                          4⤵
                                                                                                                                            PID:6184
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/en-in/
                                                                                                                                          3⤵
                                                                                                                                            PID:868
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa038946f8,0x7ffa03894708,0x7ffa03894718
                                                                                                                                              4⤵
                                                                                                                                                PID:4552
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/en-in/
                                                                                                                                              3⤵
                                                                                                                                                PID:5036
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa038946f8,0x7ffa03894708,0x7ffa03894718
                                                                                                                                                  4⤵
                                                                                                                                                    PID:3884
                                                                                                                                            • C:\Windows\system32\taskmgr.exe
                                                                                                                                              "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                              1⤵
                                                                                                                                              • Checks SCSI registry key(s)
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                                                              • Suspicious use of WriteProcessMemory
                                                                                                                                              PID:3096
                                                                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                                                                "C:\Windows\system32\taskmgr.exe" /1
                                                                                                                                                2⤵
                                                                                                                                                • Checks SCSI registry key(s)
                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                                PID:2708
                                                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                              1⤵
                                                                                                                                                PID:3408
                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:1012
                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
                                                                                                                                                  C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
                                                                                                                                                  1⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                  PID:4968
                                                                                                                                                • C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
                                                                                                                                                  C:\Users\Admin\AppData\Roaming\{34607000-E419-7E20-C3A7-73A5797B02CA}\cmdkey.exe
                                                                                                                                                  1⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                  PID:2664
                                                                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x4b0 0x314
                                                                                                                                                  1⤵
                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                  PID:7140
                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3812 -ip 3812
                                                                                                                                                  1⤵
                                                                                                                                                    PID:1300
                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5488 -ip 5488
                                                                                                                                                    1⤵
                                                                                                                                                      PID:5668
                                                                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                                                                      C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                                                                                                                                                      1⤵
                                                                                                                                                        PID:6208
                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                        1⤵
                                                                                                                                                          PID:5744
                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                          explorer.exe
                                                                                                                                                          1⤵
                                                                                                                                                            PID:6388
                                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                            1⤵
                                                                                                                                                              PID:4652
                                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                              1⤵
                                                                                                                                                                PID:6176
                                                                                                                                                              • C:\Windows\SysWOW64\werfault.exe
                                                                                                                                                                werfault.exe /h /shared Global\ee6d4b586b284fea8b989c66882f5ce4 /t 5592 /p 5584
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:5720
                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                  explorer.exe
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:2172
                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:3756
                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                      explorer.exe
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:6356
                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                        explorer.exe
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3840
                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                          explorer.exe
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:5660
                                                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:6104
                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                              explorer.exe
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:5308
                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:5000
                                                                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:6744
                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:6872
                                                                                                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                      C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:5400
                                                                                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:6492
                                                                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:5524
                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:6528
                                                                                                                                                                                              • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:4788
                                                                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:1384
                                                                                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:3320
                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:6272
                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:3292
                                                                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:6960

                                                                                                                                                                                                        Network

                                                                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                        Reconnaissance

                                                                                                                                                                                                        Resource Development

                                                                                                                                                                                                        Initial Access

                                                                                                                                                                                                        Execution

                                                                                                                                                                                                        Command and Scripting Interpreter

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1059

                                                                                                                                                                                                        Persistence

                                                                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                                                                        4
                                                                                                                                                                                                        T1547

                                                                                                                                                                                                        Active Setup

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1547.014

                                                                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                                                                        2
                                                                                                                                                                                                        T1547.001

                                                                                                                                                                                                        Winlogon Helper DLL

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1547.004

                                                                                                                                                                                                        Create or Modify System Process

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1543

                                                                                                                                                                                                        Windows Service

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1543.003

                                                                                                                                                                                                        Privilege Escalation

                                                                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                                                                        4
                                                                                                                                                                                                        T1547

                                                                                                                                                                                                        Active Setup

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1547.014

                                                                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                                                                        2
                                                                                                                                                                                                        T1547.001

                                                                                                                                                                                                        Winlogon Helper DLL

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1547.004

                                                                                                                                                                                                        Create or Modify System Process

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1543

                                                                                                                                                                                                        Windows Service

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1543.003

                                                                                                                                                                                                        Defense Evasion

                                                                                                                                                                                                        Impair Defenses

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1562

                                                                                                                                                                                                        Disable or Modify System Firewall

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1562.004

                                                                                                                                                                                                        Modify Registry

                                                                                                                                                                                                        5
                                                                                                                                                                                                        T1112

                                                                                                                                                                                                        Credential Access

                                                                                                                                                                                                        Credentials from Password Stores

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1555

                                                                                                                                                                                                        Credentials from Web Browsers

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1555.003

                                                                                                                                                                                                        Unsecured Credentials

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1552

                                                                                                                                                                                                        Credentials In Files

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1552.001

                                                                                                                                                                                                        Discovery

                                                                                                                                                                                                        Browser Information Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1217

                                                                                                                                                                                                        Network Service Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1046

                                                                                                                                                                                                        Peripheral Device Discovery

                                                                                                                                                                                                        2
                                                                                                                                                                                                        T1120

                                                                                                                                                                                                        Process Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1057

                                                                                                                                                                                                        Query Registry

                                                                                                                                                                                                        6
                                                                                                                                                                                                        T1012

                                                                                                                                                                                                        Remote System Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1018

                                                                                                                                                                                                        System Information Discovery

                                                                                                                                                                                                        10
                                                                                                                                                                                                        T1082

                                                                                                                                                                                                        System Location Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1614

                                                                                                                                                                                                        System Language Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1614.001

                                                                                                                                                                                                        System Network Configuration Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1016

                                                                                                                                                                                                        Internet Connection Discovery

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1016.001

                                                                                                                                                                                                        Lateral Movement

                                                                                                                                                                                                        Collection

                                                                                                                                                                                                        Data from Local System

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1005

                                                                                                                                                                                                        Command and Control

                                                                                                                                                                                                        Exfiltration

                                                                                                                                                                                                        Impact

                                                                                                                                                                                                        Defacement

                                                                                                                                                                                                        1
                                                                                                                                                                                                        T1491

                                                                                                                                                                                                        Replay Monitor

                                                                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                                                                        Downloads

                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          10KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          cfdfcc79a21bec5b3933d98e8b510916

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e7df8e4e4f8d0c86ef432db3f881bf1c92206024

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c80e0ea0c6c2a138d448fd6bce92e0075a0fb352689e91dbef7fc014eebc3c33

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          315b2324a5fadb3b566cadf5b558eb84526a777cc435d28e63d8348d4959e0a22c44263659b0d54a13f386b549bcf787f8101a0698c67a498a06928015ac2082

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.url
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          90B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          361667798e3104257111c4fe3d704532

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fc3cef26f78f8868458eb0fbfb0f50ce8ea66044

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1d7f4725ecffd80bc34105ff6c72835fae53c6823f59ca25afbbc2e55987b996

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          63d14f62c34cb81b6bfcbad41aa97bcf4c97f4423a3196fe8ea4c0b403951e243b91b65a40bbf2a720abe99216852783f31cc0422f333b2d3670cce7edee92d6

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\# DECRYPT MY FILES #.vbs
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          213B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1c2a24505278e661eca32666d4311ce5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\ProgramData\setting.ini
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          25B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4802584d684cf48646fbd3264a3a8d35

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          70213a5335ceec0042fd8eb144a65c4698170f85

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          9248925017cfc66884c03c48554874f0a9ff70fda4bfcad53fc534a7cc5bf51e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e10039c09713d44d341366c5b8a76d747b9dd522fbd82e4a45c7f6ac13528ae243d48934726e4fce2ee30d7342512d763249fad5fbdfb45473b8725cc3409df2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          22d47fde80501801656894bc91506aa6

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c5550f5450eca9b24416c56d722b7a6d7d63bfb4

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          326410334921c9a003ca819820b2f26e6a31201d54a4b7dec0cf621756e46a94

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8abc97b035bc4a660184b1fd51ef190fc620d4017821d5e9ced6aee82fdc720be05eb412b606c4dcf2edbe354c370609bfc6ea8b5e14b6a26122f37ea5ffc6d2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          944B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6bd369f7c74a28194c991ed1404da30f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          152B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          93be3a1bf9c257eaf83babf49b0b5e01

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          152B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6738f4e2490ee5070d850bf03bf3efa5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          22KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6cace5d14aa5a3672392c995525d6802

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fa6f420285842d10856f667943c516f459b0fd37

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          cbc9e3f0a1301a55e940bc8ac38e6e6fb63765b78192a4850c2e1bb3f3238a83

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          09c0620428ac5491cbd1678dd3167c0c40f1366cdfd02c8b864446e78a6c90fb56e8729113c3d2771c19f4e6b2213150c275667ded14cc79230372c243a94078

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          32KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          612109e2b2700655a0020847697261fe

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0328b9c72982b69ea9f1c5aeb79220aeb6bf3142

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          6d3f599fee7c90b78295c1d632f36983034a77620d46a42f58d6a79eeae61f2a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a1768e796041db155c5b54eaf48609097f36ec579fe8c4ff740f0ca5a6448d6dba7f563d2fe7d00fb1f1a25bed3ad337148a377332f7ff9ba32fb6959948f1d7

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          47KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          00cb15dd0b5a99d219dea7a7e1f58499

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          1e4895afacff1939289e3a70ced6636fbf902542

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a919b203fc48d2bd0b12c4bc594e801d522ae335470f3c172086fca1c0f05c3f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          63451e3dd9784319af9ffefda5ffc1c671cdc174f5ef07ece2c85ba2416af1d6226418b142dfaa87b38aa7b298957c0fa9b3d2cb30cc2ad3b7d82b9fb264de9c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          28KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6e75a94d5f7170a1ab532d32c2a35755

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          9c1b6fff544089941bbeddbcf529c3f0b46d853a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          27cdbf98a3f42510eaeb28437e3c4661734b685d63eff5e47364ac46b73de617894edcb19ddd9afd955de192cfd8bb755998ed609ec2c279e9afab3db2583175

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          28KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          72095568168d6a31e051e4d531759151

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8ebe72ef4631721d800aac28d854c1d1b952fe24

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          17f1417d99d76e46601d483f8516731e18ca028221a57c53d557e00f9627234576d62eb3ab5eb5faa13ebc1d8bff047ac86b1499756bee22ffb76b998b7b19a4

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          29KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4c38c2a78502af8dfbfe0f71cc49a1ae

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          4b8c845263b3696e28cf3f313e0214e22688a750

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e60ffea855bba4241daf68af6bd3c1967211a215ef281c7dac8311756a0781d00f529ff0ac5ce789238a4215eb1540c6c61c69d650cb2027c3c72cd475dd7b9b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          33KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          36397a3bc139c6e9f81d383f060f080a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3f4f86c10920d4ed345f4858b6cde9f93e1aeb81

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          7fff4870e9142e6e1921f8dd78e3b049547ec1d540efe573c2938f8b855db61ba908fa9d3c8da1bb2aae6d95217a586d256b9ea2bd8a8f706b1db75bc21f2cb9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          26KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b7640425501065524cec27d4a55a85ed

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f254c388a65efb4b271c56deb5685a77ebe09d9d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9795975f44bcae6b73979b221b1c544ac943bce0ed485b266749559ae95d39641e09c458f2ed20f4667efc80ca2c47dc6300ad4a3e5ce1d38aa94e014d61322a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          38KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2656cafdecef63f5d299dd84c413ba1c

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          ff28c8d67083a02322b2937f7e76413dfd9aee93

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2021f9e67f753d858cb45a4d435f44d839c2d0fc78cd517c30280b0e97886f28

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          63272c3be1f754f271848c65b33f7db665022883714731e807052c9e2d390ddf29b75ec1d0eaf4aac107c10377d50e670b580afbd314ccc4a0bad36cab1d9add

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          35KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f740a7b917fdc9e82ac7e97bb0049016

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0578738b4ad4557445b6544bd507211c7eee141c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4820702e03f0da1379816d813470bc292e2307f74efbc118b316cebc01fb6fab

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b4a8df613f3d366d33df702bca93b207d60c9f459ab01c576a73fb60dee394310d76a61ebda9c356d169d029971972deadc5a708b9d02302ff5b75b9b1e4bf57

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          63KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8f13d83c1dcc73064edc68ddead052e6

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          36146c5fcdd107b832d8a87e372ad3d5493c1f6b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          bfbe9aa8a61d57d0a61917da25681bcc78fc325d71ec0d51a3002de5c1a693b8

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          bee6397f5afcc435461ddeb9caab125f7f8c8901ef4cd2ec75aabed5b74bbe5b5a932fcd24997031d25f932c4526367a98d70cf23673ac05b3ad8a0d66d14a31

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          19KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          10d20c5f9a21b3326205bf9bccc43896

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          88a0838d407608ea9278c7b852fbb3675a955c21

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8380545066a7b6605a18d82801ee6faa285a5edc89a6f8278a45d67dff816588

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a56f5b20c465f62df0c11ca11db039dd8ed4a12f7a5e649b9eb2c9431de5f2a30e2d3803d16d240ce6efcf3e7c80a184ed65d0c2d7c32f81e2c9266a74de5875

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          112KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d434adaa98a0378eb2fb387369790aef

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a1f67b254391330c808ba980bec04e1607238abd

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b5eba8f553814d48fff0d2c0df334e8cd80c263621994e3ec7767005e00c9b43

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          cd14874e378e82bf94e08a91c644cf3864a37cee76b453e47a2db2c51296aa78617a8fa342cd56cb820e4ac60bce7ed6e147bb81d8becde8b37ee4fadf333ab6

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          68KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8323cf59a1860afd03aaee77f146e3de

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          dcc30b913f5ee92780d78f71877c59fe220b141c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          d901c05f3532c2bd54a7f4ad02718c18efb30af9e34b2834766cf27a835ef294

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          5aaac41ffff765b14018db5b79d1b545d98a363ce997fd0c1c0ac1d86f1c360e782d29e87c44c4ce313971ef2e53c4401de52cd8d0dd71aebf692ee36e184380

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          25KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d0263dc03be4c393a90bda733c57d6db

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8a032b6deab53a33234c735133b48518f8643b92

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          26KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6868d5c6b506140f415854ddf02b9a2e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0bdc58f04aabb487141eddc3fb8825eaa021d2c3

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1fdabf621d252d1e0d68f2889cf8cef8edb58389f06d7bfed5beccea98449c50

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          1f9bda73faf08d6d9bfbca1ab056933d61395c986f7ff561bfd429cfc408aa1500018accea15367eaadb140eadf82a89a89991472ddd2e550bd254fc9cbe8ee9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          31KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4da57ad345677d3d20cc6a06b5b873de

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          1b3a7653fa69ca57d830138182675eb591371a12

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4ed625c6bfb1193d20d5b79873ed1d52715b45b14cb3344518a2e336c21df801

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9252082c58e98268247583f0a9bb259f72acfb0f0aa6b8c60be5755790e65dfb54b8fca9ee2f610ebd493405b179a5a97650de17bf7be95a0a6b4021a4b8a9af

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          272KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5f524e20ce61f542125454baf867c47b

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          7e9834fd30dcfd27532ce79165344a438c31d78b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          40KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b786554392ab690a37b2fc6c5af02b05

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e7347fa27240868174f080d1c5ab177feca6bd84

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          51KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          238d677a325e264bdaa631bb7687ee61

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          75f19a5eececd9fcaa15487eb1e6395d121a7da6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          eeac2189f5eaac434001c24cc412fb547f9173ed8be3e9fdf05f041615594672

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          2859088daa8140e14ed31c8f197ee50d6b415176e13aaaf7e2a309de52869c126c7f0607158d10a8c2f1a67a8e7091b746b7111c78d3294177f673e2bb400f0f

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          21KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          942e2ba31d132bbe2486ff1e36883a86

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bcf42c590a69f66c3a2dfad64842e44913b69778

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c592232c7a1dc346f52af20881107d4f337fc6ebb50cf671c03a3fd01f64da83

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          5f52f31e1882e074500897243b4ba1413758fdcf535f47fe9ecafa15436c68195477f51cd3469dad4d8ffc391c30e6e966280c088d4b7a5c50736ce85b157caf

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          23KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f5805e8a21853c153c11cb39cf2a8bd9

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          9ef22003d0b12ea372b8745ebcfa3ef8c2679aff

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a4023b4d1d4a62eae18aefe9d69b60f04fde7defd5cf9d4aca08d4d8c5fa2876

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          46bedd03055cb82bfb42e71eaef086fa13d2e4f271395ea7d227c257c9b216b4f661bde196121b32e545a5ee4f62afd749b3453bdd5d7e484f4135eb629e659a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          31KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          7e61b81d224f6405bf3627ef89edbe9f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bda4404ac1e59abb848668236e7300efbd824e52

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0df8f825e0c9dc4f2b26e453850346698aba3628a00e5388248f79b0867252b7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          7fb9f50d6808cf2d8a0ef4e7a7e4dedf228fb848442f02e3853749b5e5aea026c733d2c1f1608197b4db4a1a4ce04119442c29148e2ce70c980adb2c040029c0

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          118KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b545221e8f2f154ee6907ff5e689721d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e44887c94231bd08d4390f21ea0f50fd31f11685

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1a340880d20c9fd7de77eb0ac25ce7f6e50d7d64ab5eea248208705bd39d7ca4

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          d05c1d16c755b389d9e41c279221ca1a15391940e5cefd3eb27f918c10711b60a58cf0e03c4231a8e8d015daaafc5b1856432a431a8e7b02887d17d2b4abf97a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          744B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          326db504423f9c87e0a7f608edd8ecb4

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          62abd26bc716a3f32b3006d766d7391f440eb9fd

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b2581e480234374267a591f68d754f6a5350d98499038306fb4cbdee5d2ae7c4

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b12a9ee93f52b96e34c6ab537cbfb27afcbf77b6d30f14e51e4300afdbe63b5e7415bd0946ccc5387213997473abfe0e205d0ea252806db9bfb991af22ac22e9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1024B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f6da39498c839436e91e049a29269cea

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          5d7755b49d929b7475688f53f78b820c8480355d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2b796348b8ab39e05279fa3a797a4ae964be0f1639dc4872a9b20efff49aed93

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          388a9d3e5a3aa61847a5fd5c764d96c300a96061e1c37af0ab0c2afc580510d402cfe13c09ad699bb40e3a422cd6573eceff3547cb856b0e8e347c02d81e7ff8

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          958B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b11a0a61b1674cec71cfa5cdbd5f8363

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c878b17d20fb4ea8e417d4a2cd7eb59ff8dc896c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          984b0d3e5d22e5553fbc8af644ce27745b017f3ccd624e28d3f36e5251e2fde0

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e51efb30b0f69a2ec8a2b04185980027bd542b04525964bdad2d7bb4fdcd4341890ebfa082add41f5927e0c42395669546fe19ea79a7253a9e26cb605186cf27

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b7fdbd7e3633568b54035fe8f320b769

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6767cc5781d31b0c2257df22b8cfa445de1b8d7b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          204d4d8f015871e979e39d6aa8b1d59e1b17e51aea778f8afb6bce6b105b3036

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ee1b8aaae84a41bb727b7f89e89b1bd3303f15780fb64165c92d6a09b20766fe8fed8f0734f5b0998902764dd462f8ed1c04b23bacffc6710fb4c873c5d15219

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          56ca12144b753494f62639d3cf0022a0

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bebf2277dcf6472041088e100c58ff47449e1188

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0e8445c53ca5b520536ff947a8a8a8d0ead624e544d63e699c929fe8c5e23cb0

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          bfe489021a37b3a87b3f56fba069d51edfdc537ce1ae4516bd1fbcaf66658a4808263ab9441bf3b3dce07394682117737829819fe4320dbe8aec56ffecc76d55

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          abd1faf11a1c65a30eca95ff1620fdea

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2e688e7b6ef7bfc6227a95c1720ff1bb81eff7ca

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          779f3438dfd008bad87aa94f4a2f27a0bd552b26df881d2c61e24f75bbfdeb5f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b8c58f87a59b94ab9085c4a258271db51d4e116e016c252107bdc1cdecbd9ca1942fa10449003cecdcdcd2363e30ee94bed39b01caa3e17494bc8abc53fc546e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          3196f483814c44dd279e78c412956d8d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          32aa680e0e51a5f4686c852eb26e424a22b95810

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          22688d716a6ad5e5a9fda77f99cf7bbe53c6f7bc793f1eb7af5e97ad7a207d61

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3db99bb583ae97b52f51903e2dece9b15106a422db43e8bf8510740a2810cf4430c1682161ae67569b57b71b80ce373d2ac63091706b92e88c2fabf35661e39c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          cf7a8c74b1db41c1c76c2f7644e7c821

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c7d8fb270d2ad140e4cf85ccbf835880edaef95b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          e1bfd719a220ad76011f469695cc4640fed04ecf8e0cd6d9cb9be86c344a699f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b6eb36d700210d5acacc623cb81537726c95a1bb4957be9c15e0082974d15d2d799793224f2307fd9af981e274a2915e308ade9428394e01bb3a18f0766f439d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          0a39343a24f8869363ec485d79507a65

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a09f33eb237c16a1a1432be9c9e75566989f795c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1461e20b743fdb085693de22b266fa28c1cf447b6d3b2f5122e6de06d407b880

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          72667246fe526a7cabf586ce2ce1d0dc4fad908d3dcc079a0ddec0e9741c0e4b04db42c34c0384405abe6b85059fb4bda1b0ffba8401bd6773d2bb445239dd91

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          153a23f3cb64ddddbb16db5e5bb05008

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          849eff26a282e3031ed8c5888b76634c5d042700

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          eecf230e5b57daea8787e9a71e4a7dd49828e484df96a25842db8c5e87d039c7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          1dd620f1ef237c5359f67be01aad6347cb97fcbbeb45b34efe6c41577a15a02fdde1457c7d6d0ebd2c10a37d26d833ef1ddadfc3bd2405d352a723b7fbe87a33

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2b1bb7a594bb828bf7785934980d076d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0895005a18ce2f37a696c88b20a24405ba6d4ae8

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2bb1fd590810148b3527dd63285b763e1a91cf28d603cbab215c1a6823697ca1

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          c94e533ee98c62fe8a13cd02b0190697adb56a6d3240a68d353a81a3faa75df03dec6710611bba1fb2bba04540723c89702c2984c9768365c1c8c93780c8745c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          455cd5046917141832dba972ff5e2958

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0e1b389324b8bd6f45b7babb53f9e0a58a3f8d65

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f2dc4ef1432051cc6092f8cbec5dea270b1bf6aea48bc5132353fb4f771512ca

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a94d825cab57d1692aae307322a1cb911067ae9f185eea9ecfc680f90a47a6167ee01c075c6be0e8042edaaf97555f58e20168f6da4fe5163d8ac53ea8554ff6

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          ae988d84696316679f27f37cc0915014

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2aa88632abfddb8b1f9ae3e0dc5c5ef4826c8a34

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          e1f8b97471284de07fe916bb04028925ec89dbf8c7f45ee874a84f27e3cb76a9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          79cd56b86e85680cda8557da6974ba31246ada7375d634bf00562b9d1cf6eec5cc7f681b0b382bd1887d3e3d7dc1ebb9f93c2627076f8698d4079ecc484903d2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          287bece7b36cbe8eb520533c6f06b79f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          63ff0f5cc128e81b17430aecaea007addd9d4e65

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          3d9956897afd6f65c47f558f356c3d75de31c8d79486e53087a9fb87e17cb59d

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          77912ae4d65c8e90f6d1bc79bdbdc6c2429e7021fe00b06297e038cd422a670ce5c7f7bbf293ffbc81330e5294b1b39c667ba3207aba57b2a1be1a4591a95003

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594fdb.TMP
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1208e890eac3454d730307e44620c77d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          eaa4d3753d4144a73bf932c596349379346f0819

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c31f25c05ec1761e7436205d422d86d284fa965a91c8407b0fd316f93eda39c9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b926a28eed4148ca0dbd2c39837c60859de837bacd5c5ece60e908ee8d804c3f51ddfb2c123ff14935149d29c143353debaa2db6f38964a6bace3e78dab2ef97

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3de0da4-bd85-4b7f-ba4c-5690cb54a6e7.tmp
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          e57f2e2f7babac47a8dc01fc41513667

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c0d77e1246b9d456f4a78a0d8615af527219540f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ec02c140ac20d7146745ce6d88836b10001ce69fc086d40fc8d230033ec43781

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          07015319a0840c2a7aad917f6e057d03aa1c4aba1492c3ffd745b08e2e6bfe54aef448d5b8cd6046e0ae2c311ee25bc1be8b35fadd13dc085288392889d53e3b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          16B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          14KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          988b0cc85cbccc47056b2d13becd6ad2

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          1649ab5895b89a9a28fe30c40f1e096e1ef8536d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b31d452b9307f2e113c9bf9a0ba0c3768b05ed637df0fef6cd6eb2db145fbebc

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          675b36762e8095ba4bd146348a028152fa14f3ce18334c9d060dcad61a95d6f9b9a9090b404c9273eba548a9bb66cc6682881c596fb9239e2320433fb7c0f73e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          11KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          61375d6d623f2033d97524c27a5aebb4

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          b99e577b5003ea6a00921ed9bbda9f775e1f8df6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          96179ac7dd140c758dd5173742553e9d73e1d7beaa0125b722b18fa8cb93a9d2

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          75f5d23f726c671e7572366f75242ca98e037258eb454e8602e2c682100dfe8e689bb7af30f616c070567565dc0b52ae0b9e634bd672602168a948eac96a5836

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          14KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4a590266119ac8432d0482f5c1196a2f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a2dd6e40945293ffcabb92d5fb356daeeebfae3e

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c04bc0098a85f9f78c0220eed272ff8b00e8768e35bc715a12c1138b17493e32

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9eec3268001ce756e742792a140d40608cd6b2c888aa537f2f071e9e90d11806c38b078c96892a31e49761467c505b4294f3fe887112da02b4977740bc74de79

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          14KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          22a3aa44f2e2d99d77f62b5df814e644

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          118f545058bb02be6c6e6d6227efd347d2f98aa0

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          83cd5f485725a8fc67a1af2b416b24d066fbdfe815bef3c379fb97cf4440255c

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          bd385a36afd6052d2016acd2ab9b4b5d25abe5a84a161179eae607fd9a82c9813a5380aecebcb05412d5b3ebcb6bf9cd4b7c10904396ccdf5f17a13ce399b469

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\5018NUY7\microsoft.windows[1].xml
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          97B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          e3c88c5e43419a9341daaf3ce9d842ca

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          35b177cc342d7694793ce3e4a2b09534389ee1a5

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          89c375db3fb0fc28facc892ec859010d6b9e0209b53e0960335e84ea59e42095

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3946bbb05f31d9a5881a541787d8a72b0290496d38cc1970210a86a3cbd79accda669dde84f3ffbe9023e7f5a5577ba33425f39510a47e1202302abb074f6e8e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133849034479041563.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          75KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          be0526a81e1b02069cf0702af28a7613

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          4f283918dc54c210470560ae65140d67633efac5

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2c59df51a07714c115254ec45c3be2b855ae825ee8735041afeec2d8be990f76

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0b086d8e80f5343f565869a67ac58ae6f4cce8eb2ce87d2a7a908e5638e47888013d8a379c662256b5eb1a5db04ed7c9d4140bd4a47c87660c32a4e159fb686d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\INH240~1\images\BGPF.jpg
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          14KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b0ab1dea9b0f968618bae9c9db013ff4

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          9a32a48ff06a47733c517099be25c328eb481e61

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1325a298955026c4478d7044b0218b17d82f628eb5098a9a017edd70f3b6272a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          5e6a76f3223969e801e9c6f6c24e85c49ad5c31e92311971a262bd93342a5de756a674aa8081437e3e5feac20774dedb2232cec85051b12d451fe1fba07b527a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\PDhiOVIcUC.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2.7MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          81cda088cb79f851e63a2fe0a689c526

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          30aca12985427d200ec3a9a2326905e56420e95a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a900b335b9ad0363630d9517d99d4f636b84a538f40acfd6dff9391702d30c9f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          7a493f83e1590fc8f264e80a8e3425f002b0fb7b0adf42c402809fad81a463b3aa53d7a1f1921168595dfa6fe2aaf25fe14a527bbeb76a0a0827611b6454a23f

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\tut.sfx.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          705KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4b7a31cb77852c4cb74ca95d211b59b9

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2099431d1eaae3f3201155978e9b9be32e87a7f6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          decc6aaa47e3638274d36ddba487668100573e3726d31de9c0fb3cf6db52c635

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8f27d35a0fd5d5706bba24be346f845faaa542662d4f902f54e11c4b2885b7f236aa7a57a5a5dc4d3e995ae0a238c1cda2a67e1f73332f1fe16dca1c19c7e512

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RarSFX1\tut.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          476KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          e228dee6ac4f93bbcb8decf510366eba

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          045bd9fb34213ba828fab91e13886c358ada4733

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          7bc781400b97b7cf3db9c75676293611943213e31ee613cd5df678a2146e531e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a5a7cd20926355ae3c49f06cef12b7e2a5d8fdeca1e2fc7c3c9faf9a5f04b99486c72c30b55f08c3e48c2336f1ea58a1982d2701064160d03fbc0e7856532a95

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\bootstrap_36965.html
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          156B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1ea9e5b417811379e874ad4870d5c51a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a4bd01f828454f3619a815dbe5423b181ec4051c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\css\main.css
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2a05cbe58bdf3ec425d2a6570d4cc94e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0584c7c0aa4ab366d372f2209e11c1d2059344ef

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          9ea590935f274f7fa2d5bc4bb7f6c49df28029bd1770ae821ba003eabe422d74

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          159b15aa42203a817c4e4a377693542abfa6adb3702315376fe5c5dc93753dc38a153e49c7a57d3833f3b992fa11c8d97ed716207ea97eb79e4008b9c9b64309

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\css\sdk-ui\progress-bar.css
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          506B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5335f1c12201b5f7cf5f8b4f5692e3d1

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          13807a10369f7ff9ab3f9aba18135bccb98bec2d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\BGW.jpg
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          29KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f1fafe62ce42fe8d8a017cc6c32a967f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          7c822973ce0aba5ea5432e2ca53d5ca33a85b595

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          87488e0a7e27d0f46e61bb7d1b5302f1c02ebefa15105ae42daaf9c9573f41b1

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          376c50e552e141d6bce3cc5fad7d9d7bd84dacffaf4ebcf1b52d91f1c01dcf9446a83a1513b95147ff85ea081ae2e17a4d0a1f56c87a6f2a1be61742370f1837

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Close.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          14KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a03e33899b59d68d748aa83ed057218c

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          96aba0923ec32b0f38e0f5db69d1af89182125ae

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          37044c9bb7002b22ab671cc5e5f1c605c8bdbedeb1e76c0199dd08960eba6989

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          60b734ebcc9dddfc0b7155dba90848a1f31b07b47a6fa4cc5adc1b6c48ff0ee0228553560464b87a3800d8a8ae31809ca15d561f78476764962b30a23801c5dd

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Close_Hover.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          617B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b9939289baf40d3c517865f25284beab

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e2bd82c8c9984621f3cb7c6b2eccb36ca31ac1b5

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          18b9457accd6eae454ef5a1722e453c5cecb634eb3d31e7726b35ca38ad0602a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9262052702c235bec1e6c52a2283a7b109e76e80a2abde303b1f478269d99212b3d0f5e6ed51ceb3fa520731f4c1f28773b8856b116e07f853788fe92ec89f39

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Color_Button.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          330B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          ccf0f5b76f9bfde3a0a3f135631309b2

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          079b1bb6e15ccc6f7db5ed85fa538a4b376e570b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ed7f434e52910bef93f040dba887a0acaa670cc71473899b7a18080f34f2dd78

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          62abc106db0e9abf533dc39c936ebf5e182dc1c75eebc8bc607f34bac6c70e9656cb711f48b5697b873de4570cb62d87b9eefbbdf77e9a1c567faf90ae039713

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Color_Button_Hover.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          16KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d9441b065d9b0993d621e5dc5d710b61

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6edd6737cf0ec53f284b0f082be7320dade56485

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c47e4864d1bfcd4b6dea8d7c8986edf9a01e8b17ed2bc9a64c051ad6080f170c

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          1ce4a8bb396fff94c1337dafb7962c0bd7773bb4430638d5709d9263050f6de9d235bcaccb922d7152efd0821e2f351a904cc22987885aff5f9a1dab7f756563

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Grey_Button.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          331B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1bcf608232da7626775c4aa9df58e77d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fa5b6adabd3803dec06602243c2a3d5a6cb55d6f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1f51a0e776031a689733ffc64dc744855ecf334b40f1591edfdb866febb9f74d

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          f07bfd1052ca51bf42c934a802a00a876787cf6ab4bf6ff42ce16952245b7b790a17036947a7d0979978c434d0073840e8055734950e9f37b38c7fc4c177c676

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Grey_Button_Hover.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          15KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          9cbfe21598e22b7e292489d01f29da38

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f5c706a973d9acada9e181f2d7e7404cadad66c7

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0cd05b6abd82fa0e127817630d9ef21aa1ddc1e96ca5949ce171b03059bb8594

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          493dc343883dee2800cf0f409c5c2f87cc2a70daee19544c0361e6f9ed3577d33c67069cee0c05b7dc0f0ee91f75b5b70af90609d22d5dd86b6f892d9f43f167

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Loader.gif
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          afc685139a108e33bd945d5a3ff64122

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0a8010919ce9b60896e23d0db54fc7473b350ecc

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4d70f45a9c69d8ce2e630214c1b2871454d631ccf9d88976470170d0e106acbc

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          62cf2171cc4a8e0a2e19608571c465ec3c038dcbe0f9a054a3c14a809a434b89868fb080bc15f94a5e4caebf987eabec966cce12cab14d4ce05858a65058534f

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\Progress.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          160B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          043c0216d54611ad90d2375463332679

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2ecf7f437ab576377578362fbdca3d4a87be0fcf

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          73e025fcd36fe9e1688aa3be0bbc654372e69e65426aae076323a091641640d9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9f199073456db9e012cdef7473cd92be3eaeced6d0e27a2f7d2da506b94b6ae20b5ce58d560b89e2db3cd2ae50dd7bb09cfbc77deff585cec05db4189bcc2995

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\ProgressBar.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          946B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          3afc187f68a37975b9dd49b5988a11ed

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bd4ad670558604a428028f48ff339b409e8c13e9

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          867d3788800f55a14d1bfeb3f10f7b12ab1ba47329a98e2a89546e822a64fc82

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ac31f118646b6221d3cd181eadf712b64d4905c936c1687d37bb9118a1ef908c76f6c832adb0ba772a8b705e63ce9a6986c0622df5e1113ce9473ea34f76ff3b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\inH24086426557622\images\sponsored.png
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          e3758d529f93fee4807f5ea95fbc1a6c

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3a9a1ba234e613e5f808c3ffeda05a10a5dafe00

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8d46eb0c60043dcb7d79ab3d0525148fc901764620c02e4b9c5dd8b0e9026303

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e891552bee3aa10247cad1fcc510331077016a6e71d46827be2dd46017f943c5acc2c1506b41217880d35d52a94989923ad0a345f8791da4bb379eceefe3c407

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\mmyjurd
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          38KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5e468b1bc6e76ea6171abc12a1878e0e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e7c44921b8efd0ae866f5d8c28e225ee18cfb746

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2b5ec022a7116f72171e69279d749f2030b0eb337c2da9d7a4fc142da365ab3a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b238ae9ab704cff72b1eb0b21ce1e7730373e0606cf20efc95f2384776102bb401487e119c77e5afffbcd2ee6fb6371c900745f560db0837d294f63abd4b9cbe

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsk4C2A.tmp\InstallOptions.dll
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          15KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f8d9d9418e6e1827ed2b53dd930e48fb

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c78b0e5b274dbbfd032a0f3ed795d82d5ea617c8

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2a2878b54550178144665d4c5f67309f71f1089679ae0f84fa419b8a309a88e4

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          510ac31f9e330ec2e6133c1cbe775a955b79b94dc5a84d94b2c59d9b513c35f3786ff8a7f706d04ec2503a4ffc16535624a34e0dcc53e91eedd2321691b617fc

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\nsk4C2A.tmp\System.dll
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          11KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          3e6bf00b3ac976122f982ae2aadb1c51

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmdkey.lnk
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          82e4f5a9a47ada08e219c2c75f5258f7

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2db6b81f7344c3c8c186ba1e014f17fc7dddc95c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          44acf49abe95745d87d38f4650b7d96d61762b7055b2f7434a05d737dfc0a397

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          487fed84ed839ae2e905ea0ef53d31519d4719cff94acc4c0de1dd7db61cd76a5c8575b8abc8d507e7304195e727f7454d7d65fbbc9081572c16126de60f8a8e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          638KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          ac5181029e7cd72244cce8df1953845d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3541bcf50d39573c15f87efd544d72bb5028e2d1

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          9b2699969896d0b301ab47e2f2f7f2051534ea526d862d75f4cda83b29408348

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          10ad163317bc0aab11c86f67e5cce92c3f38cc6e0b941f41c7844bf4a3e8859ac777dd7a452db85a52b18dc7565bf31384b31d9e683705d0b899b1299b25b1c1

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\appmgine\ApiSmifw.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          539KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          cd862b423b01c908ad9a7a6a479ed642

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          57cbff6535f018b2d5a62c30aba7cf6387ad025b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          530326ed9cafede731a478242b0f1f13f7263c1bec156adb2f3f26132667464d

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          2d0ff8cedae6f4e6e55feee8b4ff2c75033516a3f2e584da23cf848e3ece54ff549b432e6df8f90c4003832dc30eea5bcee46c2028893b0fc351afd86ad18148

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00269\HEUR-Trojan-Ransom.Win32.Zerber.gen-98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          296KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          43195c18da026cb407ca885e8c6859d1

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0a8da444102be058a8df1f2d36ce17d39f987ff7

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          98c411c2132a1b75e6a597bde86b9006260585dcde632cdaf60f33886519dd4a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          21346561088351738c548ed8a860d45653128cde69c04dabd9be2a82e8681e7baa48b043b0fab43777712dcd2bbc7311885bb0743861e8d6e4186504854d9fc9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00269\Trojan-Ransom.MSIL.Agent.ghg-27182f0ac7425531461affe696f276a11dd5562e2fad18905831e94f5b0ae6a3.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          532KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5b40982769552e5767f95b72a9d33899

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          942fbe4cc7fd4fe18b5bcd04031acb25e6e29d55

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          27182f0ac7425531461affe696f276a11dd5562e2fad18905831e94f5b0ae6a3

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3efdb237b7f6fc839cdec573c70b7f2eb2cb4eb3690e063de7436e5dc5c3b9b4c7edab045756a6eafd9303160bf01fe786ff70d09008d8923ee45a9607d02ff3

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Bitman.joz-b6fc8ad904ca0c3028f8f84365637d812fe906dfe8d8c150f80e27a8d78c095d.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          191KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          bd301a3f2a3c419209676b280837cd78

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          9cb7d5951b9d2f45815cdf9f292ab848d26a1e40

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b6fc8ad904ca0c3028f8f84365637d812fe906dfe8d8c150f80e27a8d78c095d

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          f8b12915d8da73eb2b484f417329b43019f771b9e13de282539e5c615b96b12cda1a06fde7e75f53468d25ce30fa68c4beb83d6b14160f0c1899f33325769c8c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jhsj-ef5b7665ea1dcc16816547e032d82132832403e6daac70cc5768f26e99ac174f.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          3.0MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d31a3b9124c0df5216b71e7a95738972

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          24e58c69ad4295b43fd56562ffb6ce3d8b057289

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ef5b7665ea1dcc16816547e032d82132832403e6daac70cc5768f26e99ac174f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          6764c8dd52ff7e4e20fc4332eedb41fde22ab9ab878578caa5f6ad5eb47e88622259dd4167c4b74cb8eceb7b2c79e7744ce849fe74a8bee6eaf7f10274c2f8d3

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Desktop\00269\Trojan-Ransom.Win32.Blocker.jkzx-d124c89b0a5a9b1f56f9176c2c412aa1ed2dda64566df4f499105705ea75da4e.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          234KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          486eb99f837e78d3f3ffbc4f3bfe1e7d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2a0990da8380dfed3cf50d41ff9b850afdfa3978

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          d124c89b0a5a9b1f56f9176c2c412aa1ed2dda64566df4f499105705ea75da4e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0106511e81978f3559e4878ae29b0548b0734a574917f9f83994ac008a756c2a09700eb8872af56e7e7fd95814a5383dbfc4bb99298584f527f65c8f8eb234ab

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\# DECRYPT MY FILES #.html
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          19KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          838c718096f81bd77e0210f2bef8c175

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f6a7e2839261d862e13ab50e065999c6fbaa451f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0bc5524bfdcf9fa829554ea057980d92ed923b7643ce8623533b40a72c2cca63

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          309985ea9a0aee68389939b05fca16662090bfdae2d4f827963413d370b44a39b73c308a85cda9d37310e38b1c93d08f4bc4e8a4c1f0c72c1a3906b489f6b313

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\cmd.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          283KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8a2122e8162dbef04694b9c3e0b6cdee

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f1efb0fddc156e4c61c5f78a54700e4e7984d55d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          99e784141193275d4364ba1b8762b07cc150ca3cb7e9aa1d4386ba1fa87e073d0500e61572f8d1b071f2faa2a51bb123e12d9d07054b59a1a2fd768ad9f24397

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\taskmgr.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.2MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          58d5bc7895f7f32ee308e34f06f25dd5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          7a7f5e991ddeaf73e15a0fdcb5c999c0248a2fa4

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4e305198f15bafd5728b5fb8e7ff48d9f312399c744ecfea0ecac79d93c5e478

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          872c84c92b0e4050ae4a4137330ec3cda30008fd15d6413bf7a913c03a021ad41b6131e5a7356b374ced98d37ae207147ebefd93893560dc15c3e9875f93f7a9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • memory/1388-356-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/1388-366-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/2064-2057-0x00000000009A0000-0x0000000000ABF000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/2064-2165-0x00000000009A0000-0x0000000000ABF000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-35-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-34-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-42-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-36-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-41-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-43-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-40-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-46-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-45-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3096-44-0x0000025022BC0000-0x0000025022BC1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/3812-1712-0x0000000000400000-0x0000000000503000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.0MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4196-1711-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          496KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4196-1705-0x0000000000400000-0x000000000047C000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          496KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4208-1819-0x0000000000960000-0x0000000000A7F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4208-2056-0x0000000000960000-0x0000000000A7F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-505-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-1410-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-439-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-442-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-457-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-477-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4960-755-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4968-506-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4968-509-0x0000000000400000-0x000000000044F000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          316KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5432-1731-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          304KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5472-1734-0x0000000000400000-0x000000000042A000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          168KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1730-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1488-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1723-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1713-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1714-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1684-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1489-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1484-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1487-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1704-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1754-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1694-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1695-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1699-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/5584-1703-0x00000000021B0000-0x000000000231B000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.4MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/6260-1728-0x0000000000400000-0x0000000000708000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          3.0MB

                                                                                                                                                                                                          Download