Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://pixeldrain.c...

windows11-21h2-x64

Analysis

  • max time kernel
    288s
  • max time network
    292s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/03/2025, 15:51

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://pixeldrain.com/u/TcV2BREC

Score
10/10
mimikatzagilenetbootkitdefense_evasiondiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • UAC bypass 3 TTPs 2 IoCs
    defense_evasiontrojan
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Disables RegEdit via registry modification 1 IoCs
    defense_evasion
  • Disables Task Manager via registry modification
    defense_evasion
  • Downloads MZ/PE file 2 IoCs
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 12 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 33 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
    defense_evasionprivilege_escalation
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 4 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 17 IoCs
  • NTFS ADS 5 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pixeldrain.com/u/TcV2BREC
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7ff8c4d2f208,0x7ff8c4d2f214,0x7ff8c4d2f220
      2⤵
        PID:1300
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3008,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:2
        2⤵
          PID:5020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3060 /prefetch:11
          2⤵
          • Downloads MZ/PE file
          PID:3868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2292,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3120 /prefetch:13
          2⤵
            PID:2300
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
            2⤵
              PID:3596
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
              2⤵
                PID:4632
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4004,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:1
                2⤵
                  PID:1696
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4068,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:9
                  2⤵
                    PID:3828
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4104,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1
                    2⤵
                      PID:2268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4308,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:9
                      2⤵
                        PID:3164
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3632,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:14
                        2⤵
                          PID:4560
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5300,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:14
                          2⤵
                            PID:1204
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:14
                            2⤵
                              PID:2016
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3660,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:14
                              2⤵
                                PID:2008
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:14
                                2⤵
                                  PID:3592
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                    cookie_exporter.exe --cookie-json=1128
                                    3⤵
                                      PID:1504
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:14
                                    2⤵
                                      PID:3824
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:14
                                      2⤵
                                        PID:4636
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:14
                                        2⤵
                                          PID:1292
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:14
                                          2⤵
                                            PID:3760
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:14
                                            2⤵
                                              PID:2272
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6336,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:14
                                              2⤵
                                                PID:1204
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6752,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:14
                                                2⤵
                                                  PID:3908
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6788,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:14
                                                  2⤵
                                                    PID:764
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:14
                                                    2⤵
                                                      PID:3076
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6932,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:14
                                                      2⤵
                                                        PID:1760
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7264,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:14
                                                        2⤵
                                                          PID:3472
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7136,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
                                                          2⤵
                                                            PID:2932
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7284,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1
                                                            2⤵
                                                              PID:388
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7244,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
                                                              2⤵
                                                                PID:2064
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7240,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:1
                                                                2⤵
                                                                  PID:4552
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6300,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
                                                                  2⤵
                                                                    PID:3844
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7356,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:14
                                                                    2⤵
                                                                      PID:1696
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4232,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:14
                                                                      2⤵
                                                                        PID:3472
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4224,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:14
                                                                        2⤵
                                                                          PID:4604
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4228,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:14
                                                                          2⤵
                                                                            PID:2272
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5432,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:1
                                                                            2⤵
                                                                              PID:3576
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=5412,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
                                                                              2⤵
                                                                                PID:1504
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=2624,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1
                                                                                2⤵
                                                                                  PID:2716
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7628 /prefetch:14
                                                                                  2⤵
                                                                                    PID:3076
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=4964,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4784
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:14
                                                                                      2⤵
                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                      • NTFS ADS
                                                                                      PID:4908
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4108,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:14
                                                                                      2⤵
                                                                                        PID:4564
                                                                                      • C:\Users\Admin\Downloads\NotPetya.exe
                                                                                        "C:\Users\Admin\Downloads\NotPetya.exe"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • Drops file in Windows directory
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1904
                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                          "C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #1
                                                                                          3⤵
                                                                                          • Loads dropped DLL
                                                                                          • Writes to the Master Boot Record (MBR)
                                                                                          • Drops file in Program Files directory
                                                                                          • Drops file in Windows directory
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:1980
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            /c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:56
                                                                                            4⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:2352
                                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                                              schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 16:56
                                                                                              5⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                              PID:2416
                                                                                          • C:\Users\Admin\AppData\Local\Temp\EA8A.tmp
                                                                                            "C:\Users\Admin\AppData\Local\Temp\EA8A.tmp" \\.\pipe\{F48A8DF3-C898-4D7B-A18B-334936953C2F}
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1568
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=7568,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7832 /prefetch:1
                                                                                        2⤵
                                                                                          PID:4576
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7940,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:1
                                                                                          2⤵
                                                                                            PID:560
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7968,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:14
                                                                                            2⤵
                                                                                              PID:1000
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:14
                                                                                              2⤵
                                                                                              • NTFS ADS
                                                                                              PID:3592
                                                                                            • C:\Windows\System32\msiexec.exe
                                                                                              "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
                                                                                              2⤵
                                                                                              • Enumerates connected drives
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:1856
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3996,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:10
                                                                                              2⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:1752
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7852,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:14
                                                                                              2⤵
                                                                                                PID:2236
                                                                                              • C:\Users\Admin\Downloads\NotPetya.exe
                                                                                                "C:\Users\Admin\Downloads\NotPetya.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Drops file in Windows directory
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:4476
                                                                                                • C:\Windows\SysWOW64\rundll32.exe
                                                                                                  "C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #1
                                                                                                  3⤵
                                                                                                  • Loads dropped DLL
                                                                                                  • Drops file in Windows directory
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:2988
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8268,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7904 /prefetch:14
                                                                                                2⤵
                                                                                                  PID:780
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7892,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=2984 /prefetch:14
                                                                                                  2⤵
                                                                                                    PID:2712
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=8092,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=8356 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:4300
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:14
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      PID:2976
                                                                                                    • C:\Users\Admin\Downloads\MrsMajor3.0.exe
                                                                                                      "C:\Users\Admin\Downloads\MrsMajor3.0.exe"
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:2068
                                                                                                      • C:\Windows\system32\wscript.exe
                                                                                                        "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\AA0C.tmp\AA0D.tmp\AA0E.vbs //Nologo
                                                                                                        3⤵
                                                                                                        • UAC bypass
                                                                                                        • System policy modification
                                                                                                        PID:1212
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\AA0C.tmp\eulascr.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\AA0C.tmp\eulascr.exe"
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:4960
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7808,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:14
                                                                                                      2⤵
                                                                                                        PID:4176
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8072,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5432
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:14
                                                                                                          2⤵
                                                                                                          • NTFS ADS
                                                                                                          PID:5612
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8328,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:14
                                                                                                          2⤵
                                                                                                            PID:5988
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=7988,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:3060
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6624,i,1977925958841333815,11303831810907909379,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:14
                                                                                                              2⤵
                                                                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                              • NTFS ADS
                                                                                                              PID:2116
                                                                                                            • C:\Users\Admin\Downloads\BossDaMajor.exe
                                                                                                              "C:\Users\Admin\Downloads\BossDaMajor.exe"
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:1892
                                                                                                              • C:\Windows\system32\wscript.exe
                                                                                                                "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\ADC1.tmp\ADC2.vbs
                                                                                                                3⤵
                                                                                                                • Drops file in Program Files directory
                                                                                                                PID:2160
                                                                                                                • C:\Windows\System32\notepad.exe
                                                                                                                  "C:\Windows\System32\notepad.exe"
                                                                                                                  4⤵
                                                                                                                    PID:5388
                                                                                                                  • C:\Windows\System32\wscript.exe
                                                                                                                    "C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
                                                                                                                    4⤵
                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                    • Modifies Windows Defender DisableAntiSpyware settings
                                                                                                                    • UAC bypass
                                                                                                                    • Disables RegEdit via registry modification
                                                                                                                    • Modifies system executable filetype association
                                                                                                                    • Drops file in Program Files directory
                                                                                                                    • Access Token Manipulation: Create Process with Token
                                                                                                                    • Modifies Control Panel
                                                                                                                    • Modifies registry class
                                                                                                                    • System policy modification
                                                                                                                    PID:5552
                                                                                                                    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                                                                      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
                                                                                                                      5⤵
                                                                                                                      • Enumerates connected drives
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Modifies registry class
                                                                                                                      PID:5756
                                                                                                                      • C:\Windows\SysWOW64\unregmp2.exe
                                                                                                                        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                                                                        6⤵
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:5868
                                                                                                                        • C:\Windows\system32\unregmp2.exe
                                                                                                                          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                                                          7⤵
                                                                                                                          • Enumerates connected drives
                                                                                                                          PID:5880
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 1644
                                                                                                                        6⤵
                                                                                                                        • Program crash
                                                                                                                        PID:5720
                                                                                                                    • C:\Windows\System32\shutdown.exe
                                                                                                                      "C:\Windows\System32\shutdown.exe" -r -t 03
                                                                                                                      5⤵
                                                                                                                        PID:5780
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                1⤵
                                                                                                                  PID:2848
                                                                                                                • C:\Windows\system32\msiexec.exe
                                                                                                                  C:\Windows\system32\msiexec.exe /V
                                                                                                                  1⤵
                                                                                                                  • Enumerates connected drives
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:3096
                                                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 7B1516958BA477027A2EFEB9E504F97C C
                                                                                                                    2⤵
                                                                                                                    • Loads dropped DLL
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:2600
                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                  1⤵
                                                                                                                    PID:3088
                                                                                                                  • C:\Users\Admin\Downloads\NotPetya.exe
                                                                                                                    "C:\Users\Admin\Downloads\NotPetya.exe"
                                                                                                                    1⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Drops file in Windows directory
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:2988
                                                                                                                    • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                      "C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat #1
                                                                                                                      2⤵
                                                                                                                      • Loads dropped DLL
                                                                                                                      • Drops file in Windows directory
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      PID:4396
                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
                                                                                                                    1⤵
                                                                                                                    • Drops file in Windows directory
                                                                                                                    PID:5596
                                                                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                                                                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D0
                                                                                                                    1⤵
                                                                                                                      PID:768
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5756 -ip 5756
                                                                                                                      1⤵
                                                                                                                        PID:5680
                                                                                                                      • C:\Windows\System32\PickerHost.exe
                                                                                                                        C:\Windows\System32\PickerHost.exe -Embedding
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:6112
                                                                                                                      • C:\Windows\system32\LogonUI.exe
                                                                                                                        "LogonUI.exe" /flags:0x4 /state0:0xa3984855 /state1:0x41c64e6d
                                                                                                                        1⤵
                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:5488

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Reconnaissance

                                                                                                                      Resource Development

                                                                                                                      Initial Access

                                                                                                                      Execution

                                                                                                                      Scheduled Task/Job

                                                                                                                      1
                                                                                                                      T1053

                                                                                                                      Scheduled Task

                                                                                                                      1
                                                                                                                      T1053.005

                                                                                                                      Persistence

                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                      1
                                                                                                                      T1547

                                                                                                                      Winlogon Helper DLL

                                                                                                                      1
                                                                                                                      T1547.004

                                                                                                                      Create or Modify System Process

                                                                                                                      1
                                                                                                                      T1543

                                                                                                                      Windows Service

                                                                                                                      1
                                                                                                                      T1543.003

                                                                                                                      Event Triggered Execution

                                                                                                                      1
                                                                                                                      T1546

                                                                                                                      Change Default File Association

                                                                                                                      1
                                                                                                                      T1546.001

                                                                                                                      Pre-OS Boot

                                                                                                                      1
                                                                                                                      T1542

                                                                                                                      Bootkit

                                                                                                                      1
                                                                                                                      T1542.003

                                                                                                                      Scheduled Task/Job

                                                                                                                      1
                                                                                                                      T1053

                                                                                                                      Scheduled Task

                                                                                                                      1
                                                                                                                      T1053.005

                                                                                                                      Privilege Escalation

                                                                                                                      Abuse Elevation Control Mechanism

                                                                                                                      1
                                                                                                                      T1548

                                                                                                                      Bypass User Account Control

                                                                                                                      1
                                                                                                                      T1548.002

                                                                                                                      Access Token Manipulation

                                                                                                                      1
                                                                                                                      T1134

                                                                                                                      Create Process with Token

                                                                                                                      1
                                                                                                                      T1134.002

                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                      1
                                                                                                                      T1547

                                                                                                                      Winlogon Helper DLL

                                                                                                                      1
                                                                                                                      T1547.004

                                                                                                                      Create or Modify System Process

                                                                                                                      1
                                                                                                                      T1543

                                                                                                                      Windows Service

                                                                                                                      1
                                                                                                                      T1543.003

                                                                                                                      Event Triggered Execution

                                                                                                                      1
                                                                                                                      T1546

                                                                                                                      Change Default File Association

                                                                                                                      1
                                                                                                                      T1546.001

                                                                                                                      Scheduled Task/Job

                                                                                                                      1
                                                                                                                      T1053

                                                                                                                      Scheduled Task

                                                                                                                      1
                                                                                                                      T1053.005

                                                                                                                      Defense Evasion

                                                                                                                      Abuse Elevation Control Mechanism

                                                                                                                      1
                                                                                                                      T1548

                                                                                                                      Bypass User Account Control

                                                                                                                      1
                                                                                                                      T1548.002

                                                                                                                      Access Token Manipulation

                                                                                                                      1
                                                                                                                      T1134

                                                                                                                      Create Process with Token

                                                                                                                      1
                                                                                                                      T1134.002

                                                                                                                      Impair Defenses

                                                                                                                      2
                                                                                                                      T1562

                                                                                                                      Disable or Modify Tools

                                                                                                                      2
                                                                                                                      T1562.001

                                                                                                                      Modify Registry

                                                                                                                      5
                                                                                                                      T1112

                                                                                                                      Pre-OS Boot

                                                                                                                      1
                                                                                                                      T1542

                                                                                                                      Bootkit

                                                                                                                      1
                                                                                                                      T1542.003

                                                                                                                      Subvert Trust Controls

                                                                                                                      1
                                                                                                                      T1553

                                                                                                                      SIP and Trust Provider Hijacking

                                                                                                                      1
                                                                                                                      T1553.003

                                                                                                                      Credential Access

                                                                                                                      Credentials from Password Stores

                                                                                                                      1
                                                                                                                      T1555

                                                                                                                      Credentials from Web Browsers

                                                                                                                      1
                                                                                                                      T1555.003

                                                                                                                      Unsecured Credentials

                                                                                                                      1
                                                                                                                      T1552

                                                                                                                      Credentials In Files

                                                                                                                      1
                                                                                                                      T1552.001

                                                                                                                      Discovery

                                                                                                                      Browser Information Discovery

                                                                                                                      1
                                                                                                                      T1217

                                                                                                                      Peripheral Device Discovery

                                                                                                                      1
                                                                                                                      T1120

                                                                                                                      Query Registry

                                                                                                                      2
                                                                                                                      T1012

                                                                                                                      System Information Discovery

                                                                                                                      3
                                                                                                                      T1082

                                                                                                                      System Location Discovery

                                                                                                                      1
                                                                                                                      T1614

                                                                                                                      System Language Discovery

                                                                                                                      1
                                                                                                                      T1614.001

                                                                                                                      Lateral Movement

                                                                                                                      Collection

                                                                                                                      Data from Local System

                                                                                                                      1
                                                                                                                      T1005

                                                                                                                      Command and Control

                                                                                                                      Web Service

                                                                                                                      1
                                                                                                                      T1102

                                                                                                                      Exfiltration

                                                                                                                      Impact

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                        Filesize

                                                                                                                        471B

                                                                                                                        MD5

                                                                                                                        da58d5d237374ed70b43182654eecad5

                                                                                                                        SHA1

                                                                                                                        820ab1547eb267eaae90652d4fd35ed85977da10

                                                                                                                        SHA256

                                                                                                                        5d1afe40fa9700d7b1830d6e65143ad6547b823eb123f2d039732b8389aa3634

                                                                                                                        SHA512

                                                                                                                        4fbb8a4cf9ecba4b28634020bbe8b09a7ae8fed2f64728bc5d09307507b36db6d9476b7af7f3816a80a49018a90d3f603878ed09d7f18f94a7309901b2974a3c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_1EBE14305C1CD982CC3D154951EA37D2
                                                                                                                        Filesize

                                                                                                                        727B

                                                                                                                        MD5

                                                                                                                        5112d5575dc9d54abb937fa501b3b57e

                                                                                                                        SHA1

                                                                                                                        1449462d57e4245402cf55a0532bd387aa6e6e72

                                                                                                                        SHA256

                                                                                                                        2272bf0e9cb6094bc0efeb9e48ce2c3aac082894861d79952859284c410125a1

                                                                                                                        SHA512

                                                                                                                        b8c136583f4c96e2611949188a3837a865eefdcaabe69cf0fe437c1332319a9dda7d5d188b2dc9fa77c0dc9f7bb7cf3041a8da9fc6d16c21eb559686c0fb4a4e

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                                        Filesize

                                                                                                                        727B

                                                                                                                        MD5

                                                                                                                        91dc89b60b046d8764d46ff7c2f7f411

                                                                                                                        SHA1

                                                                                                                        cbfc3f4161d9f0955d5527a6fab751d49cfe810f

                                                                                                                        SHA256

                                                                                                                        2026a94d2e19bb834604c0aa88f475bdd4b45910979db744f7435984c24b0532

                                                                                                                        SHA512

                                                                                                                        f9feeb27026f455e5ba507bc7e035e986fc7f3f3f641b94bfc398e0e4e7ac7f6bb35b7b48b88824b1248b962e50717245d701b1f5068082036b65115fb4ce9de

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                        Filesize

                                                                                                                        400B

                                                                                                                        MD5

                                                                                                                        750ceff799a5615d44f8e18c64137b72

                                                                                                                        SHA1

                                                                                                                        6815c933edfd73f4a8ad7ef8681db6920c822cab

                                                                                                                        SHA256

                                                                                                                        64febb25018b44bd3a773494d0e2a8d365435c7d0119a0121b1a842907e95965

                                                                                                                        SHA512

                                                                                                                        557f02caa88cf5e750ba91735bdef14974bf5d5979a8e727acb433f574d54f5fce37843a89071a08230743f03567d082e36524c87c9d722606a978b15c61c633

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_1EBE14305C1CD982CC3D154951EA37D2
                                                                                                                        Filesize

                                                                                                                        404B

                                                                                                                        MD5

                                                                                                                        1c55e1754cb1e5970975d4466823a435

                                                                                                                        SHA1

                                                                                                                        6d1b33fc4a94138eacd8ef8806d9a1f50d5d5a8c

                                                                                                                        SHA256

                                                                                                                        b4eeca8ccfabd0bed196ef52ded8ad63eeb24fc9ec837e1ab5d87a1ca797296c

                                                                                                                        SHA512

                                                                                                                        431ca09d2571fc4676a8dccb006acd77dc13f39c87e75df2fde8ad09bbb1d2483b63aba3f1be5e681be9f5a089f58fa323075407f5187f2cb8b9d52f4b74ca8c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                                        Filesize

                                                                                                                        412B

                                                                                                                        MD5

                                                                                                                        53fae765c6ddf1c1cd015e604828a679

                                                                                                                        SHA1

                                                                                                                        9140703eac1083634746f06dd04a17bdb1a67b41

                                                                                                                        SHA256

                                                                                                                        9492dd3c5fb3428d56ec2b9c17979d0cbeade9ab8516a0b95d09c8f4cf8806ee

                                                                                                                        SHA512

                                                                                                                        2a322bf9b825af142474202ba2c7ba4499e0c69fc6617ff4bab8b801d7980766c15edceb07cec03b4d2e2ce295b865fd8664da7d160254f30a11e8fd442fd132

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
                                                                                                                        Filesize

                                                                                                                        3KB

                                                                                                                        MD5

                                                                                                                        6bbb18bb210b0af189f5d76a65f7ad80

                                                                                                                        SHA1

                                                                                                                        87b804075e78af64293611a637504273fadfe718

                                                                                                                        SHA256

                                                                                                                        01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                                                                                                                        SHA512

                                                                                                                        4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                        Filesize

                                                                                                                        280B

                                                                                                                        MD5

                                                                                                                        02cf1313b32a8ab2f031cee39bee8fc3

                                                                                                                        SHA1

                                                                                                                        861cc0ab9ff881460dd6433e37075b822aac9355

                                                                                                                        SHA256

                                                                                                                        7e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61

                                                                                                                        SHA512

                                                                                                                        f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                        Filesize

                                                                                                                        7KB

                                                                                                                        MD5

                                                                                                                        1b95ff5c7ea43fc8a8fb6477b3308452

                                                                                                                        SHA1

                                                                                                                        0b1a5bb97ed3a60466f5b324bb1a3ee6fd039ae7

                                                                                                                        SHA256

                                                                                                                        0967c81b5de60b4bb78ba2d751fe802db4f5d123cb258be65a5861b51b52fc9b

                                                                                                                        SHA512

                                                                                                                        bbf3006399aa0ef62c72611e148ec9255417b9f4e2624f252f47007117d0f1412bc36c682faa8748f0cd4494987a661653bee5fe713c06772b75941cce9c5fa9

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58f9ad.TMP
                                                                                                                        Filesize

                                                                                                                        2KB

                                                                                                                        MD5

                                                                                                                        b63546abae91c2010f3595672bc26b18

                                                                                                                        SHA1

                                                                                                                        9ba9422031287d88baa4e2bda776ec96ffce8df8

                                                                                                                        SHA256

                                                                                                                        3494046b7a45b991b9b477fabb9b053a0c6767b9f8c76c00816d704df9c1a17d

                                                                                                                        SHA512

                                                                                                                        05aa58c3b4198d4a7bc2c8f9187df48b22bd352f528da0c5f1488824721e126062c45ac7e58518a53fdf5a25cd01713439b397e7ea3a96aadca6d8f15612805c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                        Filesize

                                                                                                                        69KB

                                                                                                                        MD5

                                                                                                                        164a788f50529fc93a6077e50675c617

                                                                                                                        SHA1

                                                                                                                        c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

                                                                                                                        SHA256

                                                                                                                        b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

                                                                                                                        SHA512

                                                                                                                        ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT
                                                                                                                        Filesize

                                                                                                                        16B

                                                                                                                        MD5

                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                        SHA1

                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                        SHA256

                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                        SHA512

                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
                                                                                                                        Filesize

                                                                                                                        41B

                                                                                                                        MD5

                                                                                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                        SHA1

                                                                                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                        SHA256

                                                                                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                        SHA512

                                                                                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
                                                                                                                        Filesize

                                                                                                                        9KB

                                                                                                                        MD5

                                                                                                                        3d20584f7f6c8eac79e17cca4207fb79

                                                                                                                        SHA1

                                                                                                                        3c16dcc27ae52431c8cdd92fbaab0341524d3092

                                                                                                                        SHA256

                                                                                                                        0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

                                                                                                                        SHA512

                                                                                                                        315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                        Filesize

                                                                                                                        5KB

                                                                                                                        MD5

                                                                                                                        22420e5e3f446cef8e4cbd79eafca737

                                                                                                                        SHA1

                                                                                                                        43a6276e35d6863fea5d928557dbd89d8b0d3ebd

                                                                                                                        SHA256

                                                                                                                        4b3f46c1b1b3fca1020f6a71ff948f06e7c7973130d4cd7ccc3b8e505d54e510

                                                                                                                        SHA512

                                                                                                                        eb282e4a378a762ff677b172b7028788c78ac72939010e8193f0573f93b4469c3527e944755d7d411b6f25ef3bd76aa684dc33a062835dccd4dda32ffc1ecae1

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                        Filesize

                                                                                                                        111B

                                                                                                                        MD5

                                                                                                                        285252a2f6327d41eab203dc2f402c67

                                                                                                                        SHA1

                                                                                                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                        SHA256

                                                                                                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                        SHA512

                                                                                                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                        Filesize

                                                                                                                        5KB

                                                                                                                        MD5

                                                                                                                        f56467392253e71fa94b9b21bdae9cc8

                                                                                                                        SHA1

                                                                                                                        6ed280b3cdbaa98ccab79ce7a7f2cc97d1787faa

                                                                                                                        SHA256

                                                                                                                        a5cbe0b3a7318bbcc995d5b93cffd7418b5794c7c605db1f1ec58ac540e86d83

                                                                                                                        SHA512

                                                                                                                        5acf914565880243bc9bbe237e0ad8914eba255b42c88fd738c5ad14d587ae44dfcca24ddc87cc8a97604b1a4fb8632575407f52808460d92fdcb1b1dd9b1559

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                        Filesize

                                                                                                                        6KB

                                                                                                                        MD5

                                                                                                                        3fc362d6bc84b425948cde1b63703838

                                                                                                                        SHA1

                                                                                                                        7f8f00164628167af1316198eedac3dc59e76c54

                                                                                                                        SHA256

                                                                                                                        c9d62d1ce3ded0225482c86ec9de1cd2b81e1a654e1f4452f08d2e79f9416f31

                                                                                                                        SHA512

                                                                                                                        a83c61e2bc87527772e5ed4f8b5918e8168b86feaaf09e3f89b548123bf24b16c52e9528478e1571a8d739a8faa601cf4d79d21b387984af819b2a6f8e3169b7

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                        Filesize

                                                                                                                        6KB

                                                                                                                        MD5

                                                                                                                        3fa4891473444703abbebdcc56c6fb4d

                                                                                                                        SHA1

                                                                                                                        2bd323266c4c5fc1462a9fa01cf4a05a2b907b90

                                                                                                                        SHA256

                                                                                                                        2a4c73638d130afc7388ad1be1eda42b0bebff60056a2e745fbf57470b53ef65

                                                                                                                        SHA512

                                                                                                                        7d6c95062bd314d2ff289ff9d719f34713e6e154c71567a07cd8bba894308c6793768ac707c203fc973c2f592395298e75086697242edd6697291722ffede035

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                        Filesize

                                                                                                                        2B

                                                                                                                        MD5

                                                                                                                        d751713988987e9331980363e24189ce

                                                                                                                        SHA1

                                                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                        SHA256

                                                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                        SHA512

                                                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                        Filesize

                                                                                                                        209B

                                                                                                                        MD5

                                                                                                                        3f82d64638e1992e752313972ab16654

                                                                                                                        SHA1

                                                                                                                        0606d2cb6119b62cd5365ccef473927e03e8c235

                                                                                                                        SHA256

                                                                                                                        74bc863b1d91c90b30c1e4be4a941169d1cccfdcb5ca093d273a160d0f88b1a3

                                                                                                                        SHA512

                                                                                                                        99b7509c982c3fed3b242b525d44d88e9ec05e3bb62dbda8749cd7bea98ef4c1ce7da2ebde439c36a227ebe2a2e9f48c4c0ba3617d1db93072c402d02bc07048

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RFe58049f.TMP
                                                                                                                        Filesize

                                                                                                                        40B

                                                                                                                        MD5

                                                                                                                        20d4b8fa017a12a108c87f540836e250

                                                                                                                        SHA1

                                                                                                                        1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                                                        SHA256

                                                                                                                        6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                                                        SHA512

                                                                                                                        507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        15KB

                                                                                                                        MD5

                                                                                                                        e06b0608222d1628d542061a6ac7f21f

                                                                                                                        SHA1

                                                                                                                        b8c581431863704538c7a5e6c248a9744d122068

                                                                                                                        SHA256

                                                                                                                        0534d91d7dd3ef272473b079b8004da4a876f39cca1ef9af9acd567d8e3a0097

                                                                                                                        SHA512

                                                                                                                        34f0e62f3024447c0c64146beb2c6e9d3487aea9d37a57b7bf81b0e50fb6e688a15d12f36a2a67cbdb815aba277096866dacffba065efd3737f921dc7fc1ed19

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        15KB

                                                                                                                        MD5

                                                                                                                        50ae211772d78e026028c58e4336bb88

                                                                                                                        SHA1

                                                                                                                        89e7bd0cb5a85a0b37c306c0e9591609ab2bd0cc

                                                                                                                        SHA256

                                                                                                                        aecd3bbd5c9a0d77ba18a708de09a7db4c6a320ed5706e1473d2769274fe827d

                                                                                                                        SHA512

                                                                                                                        de4a93de6b5b1f0c8286d88b812615c5071eb4c9b72764eb33277c51167f754024a381623f3cc6c5ba67e35db4ef54a75bdce9619a671ae9b5b2bf18e89fe473

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        17KB

                                                                                                                        MD5

                                                                                                                        39c04a169be35798048c15fa7f425906

                                                                                                                        SHA1

                                                                                                                        1f9eb162971360be4fcfe326e2d2363197c6c801

                                                                                                                        SHA256

                                                                                                                        5ad6f7f1a3746cb104ef3a43f77a36ebafafaeed17b96c32e02d2445b89c7ccb

                                                                                                                        SHA512

                                                                                                                        7fc45e2d1023bc799fe1821785378840a4dfdcd1b5bad8cbc4e8f4f223e51f46ab59f2c5348f73362692c49b99ecef8fdece0e694c99068aaba4a09b47480011

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        16KB

                                                                                                                        MD5

                                                                                                                        7198b5b816959625b5aec2d84a601f75

                                                                                                                        SHA1

                                                                                                                        71ec757eaabecf3c1b28418a5269d25b0048665b

                                                                                                                        SHA256

                                                                                                                        ca9541d82acc657f07896e5169bbccce1d74dc7159f6d5965eed82b6dd477d12

                                                                                                                        SHA512

                                                                                                                        36029c473904a45843f01be97d03a7326f5e3b3797c2ccf0d51a8664e529f1bf194651e8928a9349feeb0535c0bc13178dd28481cffef2b650799aba9e6e3892

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        16KB

                                                                                                                        MD5

                                                                                                                        1520b23229e396c2ae4437ebaa61d465

                                                                                                                        SHA1

                                                                                                                        f84d689c30e11f6bcaafcc816f7f80202874f5af

                                                                                                                        SHA256

                                                                                                                        8b4b68fc6990f2ced12e9536b58a154f0adf72410d2fa1f2aaa4cfc84caa5f2f

                                                                                                                        SHA512

                                                                                                                        df342cbf0910bd3c373d334c445daba5e223c3320a609dfceb484d03dbffec904129740b475b7a9d8e63acef1c5f3aca8a4d73d190f7332278f77b76ce47a3a3

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        15KB

                                                                                                                        MD5

                                                                                                                        bc14d2e1f3b0af0ee8afeaeabf3b12aa

                                                                                                                        SHA1

                                                                                                                        e67cfbe834b1ddbd0f4ced6490ac469676b37063

                                                                                                                        SHA256

                                                                                                                        b13d1dddfdec82aad9f938b5c9bfc32ab50f5c6768f32bc955ba85a64375f27e

                                                                                                                        SHA512

                                                                                                                        198efae2578653a45a1acaacf2649dd360fdce1eb6bc879dfae5d170d1d80cacd093a2e8ebd1a5ccaa6c760a960c11987a3ca25eb99959002a9866d8546baebe

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                        Filesize

                                                                                                                        17KB

                                                                                                                        MD5

                                                                                                                        0689fe2c498a65c73edf96fda02ce077

                                                                                                                        SHA1

                                                                                                                        742c889048b1e436840e6d0173c13e5f42ce135e

                                                                                                                        SHA256

                                                                                                                        a36cf19f6f0980149356a973971bca8ed217b6f735e0976272cedb6a7b98f9ab

                                                                                                                        SHA512

                                                                                                                        0a4a311692cf4aff3992efed13ff1728b4d926db5f9f108cdaea95572c78d6150446dc2d35e478947792d453a6ef12c5b58058cd10538b68030df9fc68bbf65a

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                        Filesize

                                                                                                                        37KB

                                                                                                                        MD5

                                                                                                                        854ebc6077263980f91091414072987f

                                                                                                                        SHA1

                                                                                                                        fcc3f303d8d9faac69ea603e0e1a15bb867ba91c

                                                                                                                        SHA256

                                                                                                                        0740426cb789070a391cd37fd8c90be7b0b0123bbda52e2a6e7e224005bbb1a5

                                                                                                                        SHA512

                                                                                                                        dbf3da3bfb8bb0d24fc2c51302a97981df70d798b2c3ecad88109201e0942b1611e5a222525c92377519f7bbdda90d111e9ae755173fd88ae0ccc1e9bf136008

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                        Filesize

                                                                                                                        876B

                                                                                                                        MD5

                                                                                                                        01cb7b0324e85b46498946c22c6db352

                                                                                                                        SHA1

                                                                                                                        41110102ddaa465688722d5fff86f0f2cdc422d6

                                                                                                                        SHA256

                                                                                                                        3921aaa0994311495b8146752405e9f25d792d63a97454beb11698662824b5ee

                                                                                                                        SHA512

                                                                                                                        7db4e806c2f014a7aa8a9c8689eae76cf72e3a5c3da7dd144a032a52c1969d259c036afee82546f78fcf96e09108e01cdb42830cb803b2d84af622d390c0467c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                        Filesize

                                                                                                                        23KB

                                                                                                                        MD5

                                                                                                                        8712677efba6bd2a138eea2994cab21e

                                                                                                                        SHA1

                                                                                                                        69e159b928e93e5ba3770504028a15b580256599

                                                                                                                        SHA256

                                                                                                                        ada6111b9f27558f08af31fbe8536d0e99b9a2e19b9d0e90ba6791bf3d090845

                                                                                                                        SHA512

                                                                                                                        0e4ac9c0ac96d446418320a1d0e2d867d80375a95ba1896f20b83a69bfd2f7e12a7fc7ad42cb1bbf38a95b652754ef7c9a3a3cea1dd5fff61270e3572d11262d

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe588e12.TMP
                                                                                                                        Filesize

                                                                                                                        467B

                                                                                                                        MD5

                                                                                                                        90dee554b29eb6b4a423da1a10f3bcf6

                                                                                                                        SHA1

                                                                                                                        fff1411a0164cbfbeab60a5d14b40d7ec47d4ebb

                                                                                                                        SHA256

                                                                                                                        bde2503bae718438b20f0fbc6700135fea750a0c20156b7c8eecb5bfc1e49efb

                                                                                                                        SHA512

                                                                                                                        1dd90ecf27fb3783a99f336ccf15137aeac5974661c6f6d650617194c3fc9a52843f94043faf5e5402dbc2fafc5535a1989004888517f490abb0d6ee4cbf0a6c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
                                                                                                                        Filesize

                                                                                                                        21KB

                                                                                                                        MD5

                                                                                                                        97ffbea42e9a0795865f12dedaa14292

                                                                                                                        SHA1

                                                                                                                        82b1a9a09d849ca8e55914ceb05677991729de10

                                                                                                                        SHA256

                                                                                                                        84db83a7515ea99283ea322d6ae8a7e806287e7e98771a53a5d0e3ff362ecd16

                                                                                                                        SHA512

                                                                                                                        884e56e3e7419a5ce22725d8b39b6d9424c882185762fe6ebb3a5c67d65e87b846ecce8a26491019acd3ba79641f489a32e20e2c7b99576315352cca1f5a13a4

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe588f2b.TMP
                                                                                                                        Filesize

                                                                                                                        3KB

                                                                                                                        MD5

                                                                                                                        c7569efb2fa9fe93c0ea2f0896f54036

                                                                                                                        SHA1

                                                                                                                        e231c700b778b624f6065b035e5803fdd8b4db4b

                                                                                                                        SHA256

                                                                                                                        2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

                                                                                                                        SHA512

                                                                                                                        c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json
                                                                                                                        Filesize

                                                                                                                        3KB

                                                                                                                        MD5

                                                                                                                        94406cdd51b55c0f006cfea05745effb

                                                                                                                        SHA1

                                                                                                                        a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

                                                                                                                        SHA256

                                                                                                                        8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

                                                                                                                        SHA512

                                                                                                                        d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                        MD5

                                                                                                                        97a0a24003baaf7362f853b3f8ed9c49

                                                                                                                        SHA1

                                                                                                                        7279016d63010d54b82edc0ce4e71ec37dfcfd38

                                                                                                                        SHA256

                                                                                                                        8f7f22fdb0bfbbc684d766c2f2b5f1ef7a1f16fb36a1d44860c1cc6559d92c7e

                                                                                                                        SHA512

                                                                                                                        d890944e0dae60ba9ed85e90ee74d4d073a20250c002480a6338476646437fd2469aa0d529095c80968813c8b5d94af24fbc8e5df98efa352329b58a449eb5f6

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        7KB

                                                                                                                        MD5

                                                                                                                        1268da16f93c55c42b0f2367e2c0757f

                                                                                                                        SHA1

                                                                                                                        73a4fb481eedf74781ef59aed5c82ebe9a648d95

                                                                                                                        SHA256

                                                                                                                        d525418b1a835e360c402c7d1447d09802035f6e13aeec8eafcadc4e2086a2b8

                                                                                                                        SHA512

                                                                                                                        01b4aac1366816e20b37aea92d92255f7f29678e3d744cb75c5204d0d2b8a46904cda8ef35cdee81d2fcfe15a1cb54e731a7a25a67cb9ac491c18dfc1e6ce4fc

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        70eea215d88c43e4e5a5f8e4e5b57103

                                                                                                                        SHA1

                                                                                                                        20db9201cc611db96da42f7fb05645ebdd4ada0f

                                                                                                                        SHA256

                                                                                                                        e870f372af0f101467fcff7ce7940672102bc8efe7178b3f6e9b150d5116c568

                                                                                                                        SHA512

                                                                                                                        8066b03db86d0aab80f6900b74cb6264c7d18f3cfa8bb0cc8c9f59d6f700306f2c4776ba54fd571f666e54c2b06c2c3eb72ba4002c38194c08d01674f58cd8c3

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        96e370b4badddbd31d4fd16f09e290f8

                                                                                                                        SHA1

                                                                                                                        394178a1a7a6351b14b713e1418f90d8a930919e

                                                                                                                        SHA256

                                                                                                                        b0ebb93c544423025634e5ff7b9394a5036b0e3395ef95d3732fb42cc9898871

                                                                                                                        SHA512

                                                                                                                        7eadb21a4d0db9a41355508e746a00227be9fceef9ab8a7bc54d24a3ca3e967a00c4f86a605bf54f2ccea47266f4f2038acaf41df7c189c8c0b27fce162118c5

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        cf753aa3b56a66292ffd220841db0b38

                                                                                                                        SHA1

                                                                                                                        e64f4ef24a60beb04d69f454f27cadb0c69d1cf2

                                                                                                                        SHA256

                                                                                                                        3f6386ae9c35941325aaea46e6f15ffcaf7fe3c387d529ee2404a786d26430e0

                                                                                                                        SHA512

                                                                                                                        19267b48af6290509b4d21c6fa1ce1be231f45d8cd5d5124632d74bc458ed8b9b481f39027f29a58c301da1c294a0e01b5372c66d18a444ba7b82c29ca0894af

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        6KB

                                                                                                                        MD5

                                                                                                                        11c92d3581ed5cf9ed7113026baa82a4

                                                                                                                        SHA1

                                                                                                                        2b58d80d00f1b5318bb4483ba8801d0610d5f52a

                                                                                                                        SHA256

                                                                                                                        9b6aba430b3d318fae6c5d15c1c877371fa666cb2c4bca724241df9646fde133

                                                                                                                        SHA512

                                                                                                                        91ac6a70c7d4a4a9a2e59fdd63d3f12ff293c1c2ad9bb65df455352278bb70014c6f7dbd75fac28757612294e7203066e49fbe2464a3e95296302ec575e2e651

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        39KB

                                                                                                                        MD5

                                                                                                                        4bee10602a7f5c986518c4a396e7c915

                                                                                                                        SHA1

                                                                                                                        a091650ae4c7b40de0eb6edfecbeeb03b2f64069

                                                                                                                        SHA256

                                                                                                                        3c122e0c355bc2bb2f6e2385e9d792ba3a3484a7b371079a49b2d47cc078672b

                                                                                                                        SHA512

                                                                                                                        0e719f76dc42a6fc3510eb36b3c1b7c2bf9c61e3e82206e9053b16897b8a4ea72d41f49943fc709dcbc143490f9c7fe003f301582cc9ac610c6b1911d4c4bccb

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        3481433f5788bdffe7018e033eb9ab1c

                                                                                                                        SHA1

                                                                                                                        29ed4d5b4f5a5b14a99c1c6a7c65bae918aa1fad

                                                                                                                        SHA256

                                                                                                                        618ef2e7d3591521de508918020f217d77846f2ba4d2161647fb61f767b0cb84

                                                                                                                        SHA512

                                                                                                                        046cb107abc100e1f413cc64829b3b67e30f66f956bf5741fbc88f15f27d07ff57a99d3defad307b65e1035aa39f831e3243a46a29d20d14ab87405c20a5b81d

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        6e5bd4b0d6becbdbe332830372e0203a

                                                                                                                        SHA1

                                                                                                                        962762828efdacc80838b2eb1b100f0d4998ebcf

                                                                                                                        SHA256

                                                                                                                        61136c03218a412e0c8b63e2e2c83dea89dec4240f55dd2a3b9305e1e453ef3e

                                                                                                                        SHA512

                                                                                                                        37cd7c80232d6c44bb324f850ac77ff16af764a375d85c54521e2b7b3abdbda54b46873b086c8935d45ecd2f2aa3de80084526629bb75fcd8b365d1d81b81904

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                        Filesize

                                                                                                                        40KB

                                                                                                                        MD5

                                                                                                                        3a060f499d2b82715dc508089d0fcddd

                                                                                                                        SHA1

                                                                                                                        09a902c13b2f5aa3c0a5eb5cc8df3e481b5e6241

                                                                                                                        SHA256

                                                                                                                        496473ed15006e344c2d6af9ef44f5bd3cde347b0a996b8b01b78601e18d010b

                                                                                                                        SHA512

                                                                                                                        6e74641cca84268be1ba4870c3adf602b4510dccf4e1d487b2a1c437d93bbc5c377f66698f71fec2187ddd6a4c8ee313aea6f23a7bbc10b37cce21143b6141c3

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        134e64c3d5d23c86417ddd9bf2b24121

                                                                                                                        SHA1

                                                                                                                        9f160ef07e9b875990ff5b542e747443db007744

                                                                                                                        SHA256

                                                                                                                        d079fa3d03f4d702427a4012d169eaa0ef766cc7bd3ed7e414c3185764c2ee10

                                                                                                                        SHA512

                                                                                                                        979ad9a6702df687a991ecf1080eaa89697aadf0dc1ce06d9a672e7ea2ebddd19ba56d82b907b1cad658f46d3a0165b6d26d6d11908acd3f5580c0619cd53929

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        aeb8c7b33b36b3f9f0e639060d14a93e

                                                                                                                        SHA1

                                                                                                                        de2b1afe338d27fa208fcd9308915b929032213c

                                                                                                                        SHA256

                                                                                                                        7655be905355869cdbd4e0ec22363d43ae5840b42a53163da25ec2ec10cc0065

                                                                                                                        SHA512

                                                                                                                        2120ae4bd921f8d23dbff0768f19965590255af9e2f181329de3123de5c8b527bfea4354b9c94baa291389272d79eaacaa4ee4e1c195cfab52e1b772817e6421

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        c86db3d020165438737f0754dfdc809b

                                                                                                                        SHA1

                                                                                                                        cb222bcd741d31d97a9f62cd852f5e0ac34a0986

                                                                                                                        SHA256

                                                                                                                        ad786320071933085f8af4ac19531b9da36c85525a7f8e66b54a53f12cad8984

                                                                                                                        SHA512

                                                                                                                        c5fa79dbf088db110baf476abc71a531ef59a548bb32ea35199b1f68dbbaeb9c579e249553fe0ca31670389ade21f076c7106a2d393871ad55c3b44336be803e

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        adec5d11e723f86e73292d9c4072f4be

                                                                                                                        SHA1

                                                                                                                        970a0770fbd9ba818ec7502326e3542b1cab2766

                                                                                                                        SHA256

                                                                                                                        737672f1ac9ae1feb4191b2ea3a0beb0c8423fd33bc6b114868c3b52471cf6d5

                                                                                                                        SHA512

                                                                                                                        fa37bc45c8d774b73e5899ca436c1726a7062beaa47733ee9543a6a15d0d689572e85cf2a31b04995dc5ae954919c04df301f2ad227cc0811bade523096d6c99

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        b2293af20ff5eec80b7aa2af337413b0

                                                                                                                        SHA1

                                                                                                                        d2988fef5128c8f98bc6af39c96105a10848f29c

                                                                                                                        SHA256

                                                                                                                        ed00956893e1cdbd00a9bd773b8f3873cfeaaf1df9199d88a3681c35c94a432d

                                                                                                                        SHA512

                                                                                                                        6a48ce2583047c3ebff472b636cc171a3c5920259610f2289eed28acfc48f0824a2408a89fe157f718430e0381cbcd3f6f3267da5173a709e24072bf2fd0141f

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        d0b1ab178e1e0989cb8064b69c61e61e

                                                                                                                        SHA1

                                                                                                                        55232cec766034184c11fe1f13c40b5087ee820e

                                                                                                                        SHA256

                                                                                                                        e28658b2e6261d132a8026db882274b6d63c3d1108712354040fbf74074a2ec3

                                                                                                                        SHA512

                                                                                                                        a888e058289aaadb20dcac29b84bf1ba601aa4ea0d63964f411ab6cfec7bd053a8d15c9a05c25b9b79804511af09cefe5916db7f559894869e2b0f6b366752c4

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        33813f19a02ebe2924861c6399f01b85

                                                                                                                        SHA1

                                                                                                                        bf6c3b9ce9f7f6fc00ae71bf37730cb043365413

                                                                                                                        SHA256

                                                                                                                        d4b07ee1bcc279c2bbcc4d58ffa63569e2b4b9a163f2ecabe6b429e5398a9e27

                                                                                                                        SHA512

                                                                                                                        8eb5edc2b18f12907ca4d5686626ddccc8efb21a13de0222f4d31a87458555b63dba38c74831227c615a69a98638d8ea830e9107b14f09a04079fa45885d95a3

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        b4c91375cbd2305ecbff93e3e1413843

                                                                                                                        SHA1

                                                                                                                        697066bfb119e521c865f7fb9bef6bb77a20b2e3

                                                                                                                        SHA256

                                                                                                                        bf313464222917e5625ccb5a617cb7a12b596e756b93bbc3a3ce10fe41b5ba61

                                                                                                                        SHA512

                                                                                                                        20779c0efb1213a257064684e8aa1b5dbec74318ed5a6051b488105aaa6009c5da1a5d72c7a06d8a43e2dd63f51c88b637176701759cca1ece13af5e04f85980

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57f2dc.TMP
                                                                                                                        Filesize

                                                                                                                        392B

                                                                                                                        MD5

                                                                                                                        3fbda280b1871c37cc4a65ec5ff26acf

                                                                                                                        SHA1

                                                                                                                        d1ba5bd80bc39a1f6cd46eb813fd3600a2977b01

                                                                                                                        SHA256

                                                                                                                        3a4bddad7b55b259304d8827ff204df08d7130596bd79f3fd9d259bf31d7cffc

                                                                                                                        SHA512

                                                                                                                        356ed82005c6642e98f7e662a90cf588b141dc43add03dcbb440108bb113779769181a9278460b9d5f5145799f880966d0b87eab6398fdf547dfe712e1203271

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json
                                                                                                                        Filesize

                                                                                                                        6KB

                                                                                                                        MD5

                                                                                                                        bef4f9f856321c6dccb47a61f605e823

                                                                                                                        SHA1

                                                                                                                        8e60af5b17ed70db0505d7e1647a8bc9f7612939

                                                                                                                        SHA256

                                                                                                                        fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

                                                                                                                        SHA512

                                                                                                                        bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
                                                                                                                        Filesize

                                                                                                                        2KB

                                                                                                                        MD5

                                                                                                                        499d9e568b96e759959dc69635470211

                                                                                                                        SHA1

                                                                                                                        2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

                                                                                                                        SHA256

                                                                                                                        98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

                                                                                                                        SHA512

                                                                                                                        3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                                        Filesize

                                                                                                                        768KB

                                                                                                                        MD5

                                                                                                                        a8603969a97fec1899ae0f810d3f87f2

                                                                                                                        SHA1

                                                                                                                        6220a63500ce4181a174ed6ad74004d5e9b00807

                                                                                                                        SHA256

                                                                                                                        20e41f685b52dbf08084816dad04957499d072c148f275ea000ea37f7bcede51

                                                                                                                        SHA512

                                                                                                                        bb27aba66ef26fd849f3ebe5d1c875a494a1e4151164deac48187b4207840c1439c0ab07fb6369b3a1ffb64df9ab9fc9431fce0ed9751b1cb0f04e716a2a9ef4

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                                                                                        Filesize

                                                                                                                        9KB

                                                                                                                        MD5

                                                                                                                        7050d5ae8acfbe560fa11073fef8185d

                                                                                                                        SHA1

                                                                                                                        5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                        SHA256

                                                                                                                        cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                        SHA512

                                                                                                                        a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\0be3dd5c-cbd4-40b1-af68-95ad9e203aee.tmp
                                                                                                                        Filesize

                                                                                                                        10KB

                                                                                                                        MD5

                                                                                                                        78e47dda17341bed7be45dccfd89ac87

                                                                                                                        SHA1

                                                                                                                        1afde30e46997452d11e4a2adbbf35cce7a1404f

                                                                                                                        SHA256

                                                                                                                        67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

                                                                                                                        SHA512

                                                                                                                        9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
                                                                                                                        Filesize

                                                                                                                        75KB

                                                                                                                        MD5

                                                                                                                        42b2c266e49a3acd346b91e3b0e638c0

                                                                                                                        SHA1

                                                                                                                        2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

                                                                                                                        SHA256

                                                                                                                        adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

                                                                                                                        SHA512

                                                                                                                        770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\EA8A.tmp
                                                                                                                        Filesize

                                                                                                                        55KB

                                                                                                                        MD5

                                                                                                                        7e37ab34ecdcc3e77e24522ddfd4852d

                                                                                                                        SHA1

                                                                                                                        38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf

                                                                                                                        SHA256

                                                                                                                        02ef73bd2458627ed7b397ec26ee2de2e92c71a0e7588f78734761d8edbdcd9f

                                                                                                                        SHA512

                                                                                                                        1b037a2aa8bf951d2ffe2f724aa0b2fbb39c2173215806ba0327bda7b096301d887f9bb7db46f9e04584b16aa6b1aaeaf67f0ecf5f20eb02ceac27c8753ca587

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\MSI53D3.tmp
                                                                                                                        Filesize

                                                                                                                        421KB

                                                                                                                        MD5

                                                                                                                        6480fcba16736e3403d6c0ad769ffe25

                                                                                                                        SHA1

                                                                                                                        dbbe89051854351bab03bf4e62c2f863d1fe0be8

                                                                                                                        SHA256

                                                                                                                        3b53053d5fa16cf295c6c802b6994dfebf476e7675a475af02ea0d30a1a5498e

                                                                                                                        SHA512

                                                                                                                        bd5bd6de378968da6bf7a163052273aa21c12ad369ff39d7095bec0dc5d97d3fceb721d113c682d7b0e7c3c91a15cd0d7abd27acf7348357b02beb90f38ec037

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\e53327a8-ab44-4bc6-9470-29271deab670.tmp
                                                                                                                        Filesize

                                                                                                                        152KB

                                                                                                                        MD5

                                                                                                                        dd9bf8448d3ddcfd067967f01e8bf6d7

                                                                                                                        SHA1

                                                                                                                        d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                                                                                                        SHA256

                                                                                                                        fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                                                                                                        SHA512

                                                                                                                        65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\f9e880e4-c7f0-43c7-b03c-e348d08fc486.tmp
                                                                                                                        Filesize

                                                                                                                        1B

                                                                                                                        MD5

                                                                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                                                                        SHA1

                                                                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                        SHA256

                                                                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                        SHA512

                                                                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll
                                                                                                                        Filesize

                                                                                                                        142KB

                                                                                                                        MD5

                                                                                                                        d7c8a5e488306d17b368b3edd6c92fff

                                                                                                                        SHA1

                                                                                                                        d5e3d2f00a17c8e7d9b067fa3aef56d1c8e59902

                                                                                                                        SHA256

                                                                                                                        02c5e8e8541645d16d68cb986b895b75d83f135aa8da4a8177e5534b9a86b7c9

                                                                                                                        SHA512

                                                                                                                        d44eff21b9559d972e459e47d49d788e11d75e30517ba1a6c8e07f08d1bd24ffd76fdb73232024db33a590cb8717079e7af8aa848768963a98a4fbb4a20e0d3b

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BabyServices.dll
                                                                                                                        Filesize

                                                                                                                        922KB

                                                                                                                        MD5

                                                                                                                        a80876290a9ddbb9b24ad6b17ac805b8

                                                                                                                        SHA1

                                                                                                                        a748e945053c8358654bf72f4f1bfeb5326440e2

                                                                                                                        SHA256

                                                                                                                        8b614ae0babdaea704e2a6aca233333132a23ae463fe9390d769ba4110e5be4e

                                                                                                                        SHA512

                                                                                                                        7d05b15be914dac1115a66f6092cb160d54ff4dbafc185fc7f9f52408d0c2c45700132385109f2e2c47caf0ea3032f28ce8b259b434f129db9b46bcd4aa1562e

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                                                                                                        Filesize

                                                                                                                        1KB

                                                                                                                        MD5

                                                                                                                        db223ad7de6d8c2efed863da38d9e1dd

                                                                                                                        SHA1

                                                                                                                        3782886bf9929e80fd17860e8a62ac3fd8da7f06

                                                                                                                        SHA256

                                                                                                                        f2b4f9d96ffd30d1367b8a821b291163ce6ebfbb69a6caba88e8fe31ba0810bf

                                                                                                                        SHA512

                                                                                                                        d337254aac886440e7043ef32d25382d4394f0e6a3da31c13a75a745975a5b20abcfe76907b7809c3d13883969810cc91e5650f76d7446aac61fd19b4ddfb2b9

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                                                                                                        Filesize

                                                                                                                        3KB

                                                                                                                        MD5

                                                                                                                        2c2182730f5d4e6f4062af4cc61f1fad

                                                                                                                        SHA1

                                                                                                                        f4f3c7db5e66d58c8c9d0e95e89478ec0aee966d

                                                                                                                        SHA256

                                                                                                                        9da8d04bc53be87dbce56feed1c5f475b441ec9b2dd82bc506044b0b3c86b66b

                                                                                                                        SHA512

                                                                                                                        fa719b5721e9041daaafad7496f69bb2c207b9f08c383b35b1946011d4ccfe79484ef51551a6002ec784fa182e337e716de4c8f60cdd47aaad5b8b1ad4e69d3f

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt
                                                                                                                        Filesize

                                                                                                                        27B

                                                                                                                        MD5

                                                                                                                        e20f623b1d5a781f86b51347260d68a5

                                                                                                                        SHA1

                                                                                                                        7e06a43ba81d27b017eb1d5dcc62124a9579f96e

                                                                                                                        SHA256

                                                                                                                        afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179

                                                                                                                        SHA512

                                                                                                                        2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\Downloads\BabylonClient12.msi:Zone.Identifier
                                                                                                                        Filesize

                                                                                                                        26B

                                                                                                                        MD5

                                                                                                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                        SHA1

                                                                                                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                        SHA256

                                                                                                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                        SHA512

                                                                                                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\Downloads\NotPetya.exe.crdownload
                                                                                                                        Filesize

                                                                                                                        390KB

                                                                                                                        MD5

                                                                                                                        5b7e6e352bacc93f7b80bc968b6ea493

                                                                                                                        SHA1

                                                                                                                        e686139d5ed8528117ba6ca68fe415e4fb02f2be

                                                                                                                        SHA256

                                                                                                                        63545fa195488ff51955f09833332b9660d18f8afb16bdf579134661962e548a

                                                                                                                        SHA512

                                                                                                                        9d24af0cb00fb8a5e61e9d19cd603b5541a22ae6229c2acf498447e0e7d4145fee25c8ab9d5d5f18f554e6cbf8ca56b7ca3144e726d7dfd64076a42a25b3dfb6

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\Downloads\NotPetya.exe:Zone.Identifier
                                                                                                                        Filesize

                                                                                                                        231B

                                                                                                                        MD5

                                                                                                                        cb44f374dd7b50dd71ea009ac16482cb

                                                                                                                        SHA1

                                                                                                                        da0ee1e07cd0e46d3551a7c3d33c2378d1c497ca

                                                                                                                        SHA256

                                                                                                                        39440d398cbc2114541fc46ce282a075600ea5c903abb7e1d6404ad7b6998369

                                                                                                                        SHA512

                                                                                                                        7aaea0fb60537e52f3a96e20bc27ed9ed10d8ed91c0f0a5eb2d734e800b05510c4d671a446e305f4f21cdd1b518493820b9ed4d1416c29bd31672c739c1ea50f

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_1359849314\manifest.json
                                                                                                                        Filesize

                                                                                                                        43B

                                                                                                                        MD5

                                                                                                                        af3a9104ca46f35bb5f6123d89c25966

                                                                                                                        SHA1

                                                                                                                        1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

                                                                                                                        SHA256

                                                                                                                        81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

                                                                                                                        SHA512

                                                                                                                        6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_1592675099\LICENSE
                                                                                                                        Filesize

                                                                                                                        1KB

                                                                                                                        MD5

                                                                                                                        ee002cb9e51bb8dfa89640a406a1090a

                                                                                                                        SHA1

                                                                                                                        49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

                                                                                                                        SHA256

                                                                                                                        3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

                                                                                                                        SHA512

                                                                                                                        d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_1592675099\manifest.json
                                                                                                                        Filesize

                                                                                                                        79B

                                                                                                                        MD5

                                                                                                                        7f4b594a35d631af0e37fea02df71e72

                                                                                                                        SHA1

                                                                                                                        f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

                                                                                                                        SHA256

                                                                                                                        530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

                                                                                                                        SHA512

                                                                                                                        bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_1621098346\manifest.json
                                                                                                                        Filesize

                                                                                                                        134B

                                                                                                                        MD5

                                                                                                                        58d3ca1189df439d0538a75912496bcf

                                                                                                                        SHA1

                                                                                                                        99af5b6a006a6929cc08744d1b54e3623fec2f36

                                                                                                                        SHA256

                                                                                                                        a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                                                                                                                        SHA512

                                                                                                                        afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_1661333869\manifest.json
                                                                                                                        Filesize

                                                                                                                        85B

                                                                                                                        MD5

                                                                                                                        c3419069a1c30140b77045aba38f12cf

                                                                                                                        SHA1

                                                                                                                        11920f0c1e55cadc7d2893d1eebb268b3459762a

                                                                                                                        SHA256

                                                                                                                        db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

                                                                                                                        SHA512

                                                                                                                        c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_387963282\manifest.json
                                                                                                                        Filesize

                                                                                                                        160B

                                                                                                                        MD5

                                                                                                                        a24a1941bbb8d90784f5ef76712002f5

                                                                                                                        SHA1

                                                                                                                        5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

                                                                                                                        SHA256

                                                                                                                        2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

                                                                                                                        SHA512

                                                                                                                        fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4556_868388766\manifest.json
                                                                                                                        Filesize

                                                                                                                        160B

                                                                                                                        MD5

                                                                                                                        c3911ceb35539db42e5654bdd60ac956

                                                                                                                        SHA1

                                                                                                                        71be0751e5fc583b119730dbceb2c723f2389f6c

                                                                                                                        SHA256

                                                                                                                        31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

                                                                                                                        SHA512

                                                                                                                        d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

                                                                                                                        Download Submit

                                                                                                                      • C:\Windows\perfc.dat
                                                                                                                        Filesize

                                                                                                                        353KB

                                                                                                                        MD5

                                                                                                                        71b6a493388e7d0b40c83ce903bc6b04

                                                                                                                        SHA1

                                                                                                                        34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d

                                                                                                                        SHA256

                                                                                                                        027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

                                                                                                                        SHA512

                                                                                                                        072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f

                                                                                                                        Download Submit

                                                                                                                      • memory/1980-1435-0x0000000002D20000-0x0000000002D7E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/1980-1426-0x0000000002D20000-0x0000000002D7E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/1980-1434-0x0000000002D20000-0x0000000002D7E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/1980-1437-0x0000000002D20000-0x0000000002D7E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/1980-1448-0x0000000002D20000-0x0000000002D7E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/2600-1590-0x0000000002D90000-0x0000000002DB7000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        156KB

                                                                                                                        Download

                                                                                                                      • memory/2988-1675-0x00000000029E0000-0x0000000002A3E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/2988-1683-0x00000000029E0000-0x0000000002A3E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/4396-1695-0x00000000027A0000-0x00000000027FE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/4396-1703-0x00000000027A0000-0x00000000027FE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        376KB

                                                                                                                        Download

                                                                                                                      • memory/4960-1817-0x000000001D620000-0x000000001DB48000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        5.2MB

                                                                                                                        Download

                                                                                                                      • memory/4960-1816-0x000000001CF20000-0x000000001D0E2000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1.8MB

                                                                                                                        Download

                                                                                                                      • memory/4960-1809-0x0000000000710000-0x000000000073A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download